diff options
author | rcritten <> | 2005-09-13 19:35:01 +0000 |
---|---|---|
committer | rcritten <> | 2005-09-13 19:35:01 +0000 |
commit | 3e58b2e2645ea1beda0c84b364c340b519c62860 (patch) | |
tree | 3759fece923138cb68228da78d0b16d321854e5f /nss.conf.in | |
parent | 609e2db639062a6eaf66ca0d8275e01fb19fc44b (diff) | |
download | mod_nss-3e58b2e2645ea1beda0c84b364c340b519c62860.tar.gz mod_nss-3e58b2e2645ea1beda0c84b364c340b519c62860.tar.xz mod_nss-3e58b2e2645ea1beda0c84b364c340b519c62860.zip |
Make SSL2 an optional protocol, disabled by default.
Diffstat (limited to 'nss.conf.in')
-rw-r--r-- | nss.conf.in | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/nss.conf.in b/nss.conf.in index 6cefa04..db9fe3e 100644 --- a/nss.conf.in +++ b/nss.conf.in @@ -72,7 +72,7 @@ NSSEngine on # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_nss documentation for a complete list. -NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha +NSSCipherSuite +rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha NSSProtocol SSLv3,TLSv1 @@ -97,6 +97,11 @@ NSSCertificateDatabase @apache_conf@ # require. #NSSVerifyClient none +# +# Online Certificate Status Protocol (OCSP). +# Verify that certificates have not been revoked before accepting them. +#NSSOCSP off + # Access Control: # With SSLRequire you can do per-directory access control based # on arbitrary complex boolean expressions containing server |