| 1 |
--- ./docs/conf/extra/httpd-ssl.conf.in.orig 2008-02-04 23:00:07.000000000 +0000 |
1 |
--- ./docs/conf/extra/httpd-ssl.conf.in.orig 2012-01-31 15:16:43.000000000 -0800 |
| 2 |
+++ ./docs/conf/extra/httpd-ssl.conf.in 2012-01-23 23:20:06.446390870 +0000 |
2 |
+++ ./docs/conf/extra/httpd-ssl.conf.in 2012-01-31 15:17:47.000000000 -0800 |
| 3 |
@@ -77,17 +77,35 @@ |
3 |
@@ -77,8 +77,8 @@ |
| 4 |
DocumentRoot "@exp_htdocsdir@" |
4 |
DocumentRoot "@exp_htdocsdir@" |
| 5 |
ServerName www.example.com:@@SSLPort@@ |
5 |
ServerName www.example.com:@@SSLPort@@ |
| 6 |
ServerAdmin you@example.com |
6 |
ServerAdmin you@example.com |
| 7 |
-ErrorLog "@exp_logfiledir@/error_log" |
7 |
-ErrorLog "@exp_logfiledir@/error_log" |
| 8 |
-TransferLog "@exp_logfiledir@/access_log" |
8 |
-TransferLog "@exp_logfiledir@/access_log" |
| 9 |
+ErrorLog "@exp_logfiledir@/httpd-error.log" |
9 |
+ErrorLog "@exp_logfiledir@/httpd-error_log" |
| 10 |
+TransferLog "@exp_logfiledir@/httpd-access.log" |
10 |
+TransferLog "@exp_logfiledir@/httpd-access_log" |
| 11 |
|
11 |
|
| 12 |
# SSL Engine Switch: |
12 |
# SSL Engine Switch: |
| 13 |
# Enable/Disable SSL for this virtual host. |
13 |
# Enable/Disable SSL for this virtual host. |
| 14 |
SSLEngine on |
14 |
@@ -243,7 +243,7 @@ |
| 15 |
|
|
|
| 16 |
+# SSL Protocol support: |
| 17 |
+# List the protocol versions which clients are allowed to |
| 18 |
+# connect with. Disable SSLv2 by default (cf. RFC 6176). |
| 19 |
+SSLProtocol all -SSLv2 |
| 20 |
+ |
| 21 |
# SSL Cipher Suite: |
| 22 |
# List the ciphers that the client is permitted to negotiate. |
| 23 |
# See the mod_ssl documentation for a complete list. |
| 24 |
-SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL |
| 25 |
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 |
| 26 |
+ |
| 27 |
+# Speed-optimized SSL Cipher configuration: |
| 28 |
+# If speed is your main concern (on busy HTTPS servers e.g.), |
| 29 |
+# you might want to force clients to specific, performance |
| 30 |
+# optimized ciphers. In this case, prepend those ciphers |
| 31 |
+# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. |
| 32 |
+# Caveat: by giving precedence to RC4-SHA and AES128-SHA |
| 33 |
+# (as in the example below), most connections will no longer |
| 34 |
+# have perfect forward secrecy - if the server's key is |
| 35 |
+# compromised, captures of past or future traffic must be |
| 36 |
+# considered compromised, too. |
| 37 |
+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 |
| 38 |
+#SSLHonorCipherOrder on |
| 39 |
|
| 40 |
# Server Certificate: |
| 41 |
# Point SSLCertificateFile at a PEM encoded certificate. If |
| 42 |
@@ -218,14 +236,14 @@ |
| 43 |
# Similarly, one has to force some clients to use HTTP/1.0 to workaround |
| 44 |
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and |
| 45 |
# "force-response-1.0" for this. |
| 46 |
-BrowserMatch ".*MSIE.*" \ |
| 47 |
+BrowserMatch "MSIE [2-5]" \ |
| 48 |
nokeepalive ssl-unclean-shutdown \ |
| 49 |
downgrade-1.0 force-response-1.0 |
| 50 |
|
| 51 |
# Per-Server Logging: |
15 |
# Per-Server Logging: |
| 52 |
# The home of a custom SSL log file. Use this when you want a |
16 |
# The home of a custom SSL log file. Use this when you want a |
| 53 |
# compact non-error SSL logfile on a virtual host basis. |
17 |
# compact non-error SSL logfile on a virtual host basis. |
| 54 |
-CustomLog "@exp_logfiledir@/ssl_request_log" \ |
18 |
-CustomLog "@exp_logfiledir@/ssl_request_log" \ |
| 55 |
+CustomLog "@exp_logfiledir@/httpd-ssl_request.log" \ |
19 |
+CustomLog "@exp_logfiledir@/httpd-ssl_request_log" \ |
| 56 |
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" |
20 |
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" |
| 57 |
|
21 |
|
| 58 |
</VirtualHost> |
22 |
</VirtualHost> |
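Review bot: `SSLProtocol all -SSLv2` in the left-hand patch's `-77,17 +77,35` hunk still leaves SSLv3 enabled, and the new default `SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5` keeps the MEDIUM class, which in OpenSSL builds of that period includes RC4. SSLv3 and RC4 have both since been deprecated (RFC 7568 and RFC 7465), so a sample config that people copy as their default would be safer with `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4`. The commented speed-optimized example puts `RC4-SHA` first and suggests `SSLHonorCipherOrder on`, which would force RC4 on most clients; I would drop RC4 from that example and keep only the forward-secrecy caveat already written there. The right-hand patch appears to change only the log file names, so as far as this page shows the point applies to the left-hand version only.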