Commit | Line | Data |
---|---|---|
759ed8ce | 1 | LoadModule ssl_module /usr/lib/apache/libssl.so |
2 | ||
3 | ##-------------------------------------------------------------------------- | |
4 | ## Add additional SSL configuration directives which provide a | |
5 | ## robust default configuration: virtual server on port 443 | |
6 | ## which speaks SSL. | |
7 | ##-------------------------------------------------------------------------- | |
8 | ## | |
9 | ## SSL Support | |
10 | ## | |
11 | ## When we also provide SSL we have to listen to the | |
12 | ## standard HTTP port (see above) and to the HTTPS port | |
13 | ## | |
14 | Listen 443 | |
15 | ||
16 | ## | |
17 | ## SSL Global Context | |
18 | ## | |
19 | ## All SSL configuration in this context applies both to | |
20 | ## the main server and all SSL-enabled virtual hosts. | |
21 | ## | |
22 | ||
23 | # | |
24 | # Some MIME-types for downloading Certificates and CRLs | |
25 | # | |
26 | AddType application/x-x509-ca-cert .crt | |
27 | AddType application/x-pkcs7-crl .crl | |
28 | ||
29 | # Pass Phrase Dialog: | |
30 | # Configure the pass phrase gathering process. | |
31 | # The filtering dialog program (`builtin' is an internal | |
32 | # terminal dialog) has to provide the pass phrase on stdout. | |
33 | SSLPassPhraseDialog builtin | |
34 | ||
35 | # Inter-Process Session Cache: | |
36 | # Configure the SSL Session Cache: First either `none' | |
37 | # or `dbm:/path/to/file' for the mechanism to use and | |
38 | # second the expiring timeout (in seconds). | |
39 | #SSLSessionCache none | |
40 | #SSLSessionCache dbm:logs/ssl_scache | |
41 | SSLSessionCache shm:logs/ssl_scache(512000) | |
42 | SSLSessionCacheTimeout 300 | |
43 | ||
44 | # Semaphore: | |
45 | # Configure the path to the mutual exclusion semaphore the | |
46 | # SSL engine uses internally for inter-process synchronization. | |
47 | SSLMutex file:logs/ssl_mutex | |
48 | ||
49 | # Pseudo Random Number Generator (PRNG): | |
50 | # Configure one or more sources to seed the PRNG of the | |
51 | # SSL library. The seed data should be of good random quality. | |
52 | SSLRandomSeed startup builtin | |
53 | SSLRandomSeed connect builtin | |
54 | #SSLRandomSeed startup file:/dev/random 512 | |
55 | #SSLRandomSeed startup file:/dev/urandom 512 | |
56 | #SSLRandomSeed connect file:/dev/random 512 | |
57 | #SSLRandomSeed connect file:/dev/urandom 512 | |
58 | ||
59 | # Logging: | |
60 | # The home of the dedicated SSL protocol logfile. Errors are | |
61 | # additionally duplicated in the general error log file. Put | |
62 | # this somewhere where it cannot be used for symlink attacks on | |
63 | # a real server (i.e. somewhere where only root can write). | |
64 | # Log levels are (ascending order: higher ones include lower ones): | |
65 | # none, error, warn, info, trace, debug. | |
66 | SSLLog logs/ssl_engine_log | |
67 | SSLLogLevel info | |
68 |
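
The logging comment above asks for a log location where only root can write. The following check is an added example, not part of the original configuration file or the project's code: it resolves the `SSLLog` path and flags every directory on the way to it that a non-root user could modify. The `server_root` argument, the function names and the sample text are assumptions made for illustration.

```python
import os
import stat

# Constructed sample: the logging directives as they appear in the file above.
SAMPLE_CONF = "SSLLog logs/ssl_engine_log\nSSLLogLevel info\n"


def ssl_log_path(conf_text, server_root):
    """Return the absolute SSLLog path; relative paths resolve against server_root."""
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "SSLLog":
            return os.path.normpath(os.path.join(server_root, parts[1]))
    return None


def audit_ssl_log(conf_text, server_root, trusted_uid=0):
    """Return findings that would let a user other than trusted_uid redirect the log."""
    log = ssl_log_path(conf_text, server_root)
    if log is None:
        return ["no SSLLog directive found"]
    root = os.path.normpath(server_root)
    rel = os.path.relpath(os.path.dirname(log), root)
    if rel.split(os.sep)[0] == os.pardir:
        return [f"{log}: outside server_root, audit that location separately"]
    # Every directory from server_root down to the log's parent matters:
    # write access to any of them allows replacing a path component.
    dirs, current = [root], root
    for part in (p for p in rel.split(os.sep) if p != os.curdir):
        current = os.path.join(current, part)
        dirs.append(current)
    findings = []
    for d in dirs:
        try:
            st = os.lstat(d)  # lstat: do not follow a symlinked component
        except FileNotFoundError:
            findings.append(f"{d}: does not exist")
            break
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{d}: is a symlink")
        elif st.st_uid != trusted_uid:
            findings.append(f"{d}: owned by uid {st.st_uid}")
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{d}: group- or world-writable")
    if os.path.islink(log):
        findings.append(f"{log}: is a symlink")
    return findings
```

Directories above `server_root` are not examined here; an empty list means no finding for the part of the path that was checked.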