Diff of /trunk/dist/2.2/conf/modules.d/40_mod_ssl.conf


Revision 160 Revision 161
1# Note: The following must must be present to support
2# starting without SSL on platforms with no /dev/random equivalent
3# but a statically compiled-in mod_ssl.
1<IfModule ssl_module> 4<IfModule ssl_module>
2 # Note: The following must must be present to support
3 # starting without SSL on platforms with no /dev/random equivalent
4 # but a statically compiled-in mod_ssl.
5 SSLRandomSeed startup builtin 5SSLRandomSeed startup builtin
6 SSLRandomSeed connect builtin 6SSLRandomSeed connect builtin
7</IfModule> 7</IfModule>
8 8
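Review bot: The comment relocated to new lines 1-3 still reads "must must be present"; drop the duplicated word while these lines are being moved. Since the comment now sits above `<IfModule ssl_module>`, it could also say that `builtin` is only the fallback for platforms with no /dev/random equivalent, so readers do not take the two `SSLRandomSeed ... builtin` lines as the recommended seeding setup.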
9<IfDefine SSL> 9<IfDefine SSL>
10 <IfModule ssl_module> 10<IfModule ssl_module>
11 # This is the Apache server configuration file providing SSL support. 11# This is the Apache server configuration file providing SSL support.
12 # It contains the configuration directives to instruct the server how to 12# It contains the configuration directives to instruct the server how to
13 # serve pages over an https connection. For detailing information about these 13# serve pages over an https connection. For detailing information about these
14 # directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> 14# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
15 15
16 # Do NOT simply read the instructions in here without understanding 16# Do NOT simply read the instructions in here without understanding
17 # what they do. They're here only as hints or reminders. If you are unsure 17# what they do. They're here only as hints or reminders. If you are unsure
18 # consult the online docs. You have been warned. 18# consult the online docs. You have been warned.
19
20 ## Pseudo Random Number Generator (PRNG):
21 # Configure one or more sources to seed the PRNG of the SSL library.
22 # The seed data should be of good random quality.
23 # WARNING! On some platforms /dev/random blocks if not enough entropy
24 # is available. This means you then cannot use the /dev/random device
25 # because it would lead to very long connection times (as long as
26 # it requires to make more entropy available). But usually those
27 # platforms additionally provide a /dev/urandom device which doesn't
28 # block. So, if available, use this one instead. Read the mod_ssl User
29 # Manual for more details.
30 #SSLRandomSeed startup file:/dev/random 512
31 #SSLRandomSeed startup file:/dev/urandom 512
32 #SSLRandomSeed connect file:/dev/random 512
33 #SSLRandomSeed connect file:/dev/urandom 512
34
35 # When we also provide SSL we have to listen to the standard HTTP port (see
36 # above) and to the HTTPS port
37 # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
38 # Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
39 Listen 443
40 19
41 ## SSL Global Context: 20## Pseudo Random Number Generator (PRNG):
42 # All SSL configuration in this context applies both to the main server and 21# Configure one or more sources to seed the PRNG of the SSL library.
43 # all SSL-enabled virtual hosts. 22# The seed data should be of good random quality.
44 23# WARNING! On some platforms /dev/random blocks if not enough entropy
45 # Some MIME-types for downloading Certificates and CRLs 24# is available. This means you then cannot use the /dev/random device
46 <IfModule mime_module> 25# because it would lead to very long connection times (as long as
47 AddType application/x-x509-ca-cert .crt 26# it requires to make more entropy available). But usually those
48 AddType application/x-pkcs7-crl .crl 27# platforms additionally provide a /dev/urandom device which doesn't
49 </IfModule> 28# block. So, if available, use this one instead. Read the mod_ssl User
29# Manual for more details.
30#SSLRandomSeed startup file:/dev/random 512
31#SSLRandomSeed startup file:/dev/urandom 512
32#SSLRandomSeed connect file:/dev/random 512
33#SSLRandomSeed connect file:/dev/urandom 512
50 34
51 ## Pass Phrase Dialog: 35# When we also provide SSL we have to listen to the standard HTTP port (see
52 # Configure the pass phrase gathering process. The filtering dialog program 36# above) and to the HTTPS port
53 # (`builtin' is a internal terminal dialog) has to provide the pass phrase on 37# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
54 # stdout. 38# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
55 SSLPassPhraseDialog builtin 39Listen 443
56 40
57 ## Inter-Process Session Cache: 41## SSL Global Context:
58 # Configure the SSL Session Cache: First the mechanism to use and second the 42# All SSL configuration in this context applies both to the main server and
59 # expiring timeout (in seconds). 43# all SSL-enabled virtual hosts.
60 #SSLSessionCache dbm:/var/run/ssl_scache
61 SSLSessionCache shmcb:/var/run/ssl_scache(512000)
62 SSLSessionCacheTimeout 300
63 44
45# Some MIME-types for downloading Certificates and CRLs
46<IfModule mime_module>
47 AddType application/x-x509-ca-cert .crt
48 AddType application/x-pkcs7-crl .crl
49</IfModule>
50
51## Pass Phrase Dialog:
52# Configure the pass phrase gathering process. The filtering dialog program
53# (`builtin' is a internal terminal dialog) has to provide the pass phrase on
54# stdout.
55SSLPassPhraseDialog builtin
56
57## Inter-Process Session Cache:
58# Configure the SSL Session Cache: First the mechanism to use and second the
59# expiring timeout (in seconds).
60#SSLSessionCache dbm:/var/run/ssl_scache
61SSLSessionCache shmcb:/var/run/ssl_scache(512000)
62SSLSessionCacheTimeout 300
63
64 ## Semaphore: 64## Semaphore:
65 # Configure the path to the mutual exclusion semaphore the SSL engine uses 65# Configure the path to the mutual exclusion semaphore the SSL engine uses
66 # internally for inter-process synchronization. 66# internally for inter-process synchronization.
67 SSLMutex file:/var/run/ssl_mutex 67SSLMutex file:/var/run/ssl_mutex
68 </IfModule> 68</IfModule>
69</IfDefine> 69</IfDefine>
70 70
71# vim: ts=4 filetype=apache 71# vim: ts=4 filetype=apache
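Review bot: After this revision the only active seeding directives are the two `builtin` lines at new lines 5-6, while the `file:/dev/urandom 512` variants at new lines 31 and 33 stay commented out. The mod_ssl documentation describes `builtin` as a weak source that yields very little entropy at startup and advises adding another source, so on hosts that have /dev/urandom consider shipping `SSLRandomSeed startup file:/dev/urandom 512` and the matching `connect` line enabled. The rest of this region appears to be indentation removal only (old lines 11-68 against new lines 11-68); saying so in the log message, and checking the change with whitespace ignored, would confirm that no directive changed.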
