diff options
| author | cvsdist <cvsdist@fedoraproject.org> | 2004-09-09 06:16:14 +0000 |
|---|---|---|
| committer | cvsdist <cvsdist@fedoraproject.org> | 2004-09-09 06:16:14 +0000 |
| commit | d48e904fadabcf6c6e17de53310a6a67622b5b57 (patch) | |
| tree | ab6c52a22ca43a01035e4cfb4a9ae035642b04d6 /ssl.conf | |
| parent | fe7382d19c849a7a57ed7e7ca354cb064d72376e (diff) | |
| download | httpd-d48e904fadabcf6c6e17de53310a6a67622b5b57.tar.gz httpd-d48e904fadabcf6c6e17de53310a6a67622b5b57.tar.xz httpd-d48e904fadabcf6c6e17de53310a6a67622b5b57.zip | |
auto-import httpd-2.0.47-10 from httpd-2.0.47-10.src.rpmhttpd-2_0_47-10
Diffstat (limited to 'ssl.conf')
| -rw-r--r-- | ssl.conf | 33 |
1 files changed, 20 insertions, 13 deletions
@@ -56,9 +56,8 @@ SSLPassPhraseDialog builtin # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCache none -#SSLSessionCache shmht:/var/cache/mod_ssl/scache(512000) -#SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) -SSLSessionCache dbm:/var/cache/mod_ssl/scache +#SSLSessionCache dbm:/var/cache/mod_ssl/scache(512000) +SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 # Semaphore: @@ -83,16 +82,28 @@ SSLRandomSeed connect builtin #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + ## ## SSL Virtual Host Context ## <VirtualHost _default_:443> -# General setup for the virtual host -DocumentRoot "/var/www/html" -ServerName new.host.name:443 -ServerAdmin you@your.address +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName new.host.name:443 +#ServerAdmin you@your.address + +# Use separate log files: ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log @@ -103,7 +114,7 @@ SSLEngine on # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL +SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If @@ -141,7 +152,7 @@ SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath /etc/httpd/conf/ssl.crt -#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt +#SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client @@ -196,10 +207,6 @@ SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key # because the extraction step is an expensive operation and is usually # useless for serving static content. So one usually enables the # exportation for CGI and SSI requests only. -# o CompatEnvVars: -# This exports obsolete environment variables for backward compatibility -# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this -# to provide compatibility to existing CGI scripts. # o StrictRequire: # This denies access when "SSLRequireSSL" or "SSLRequire" applied even # under a "Satisfy any" situation, i.e. when it applies access is denied |