-##
-## SSL Global Context
-##
-## All SSL configuration in this context applies both to
-## the main server and all SSL-enabled virtual hosts.
-##
-
-# These are the configuration directives to instruct the server how to
-# serve pages over an https connection. For detailing information about these
-# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-
<IfModule mod_ssl.c>
- #
- # Some MIME-types for downloading Certificates and CRLs
- #
+ # Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
- # Pass Phrase Dialog:
- # Configure the pass phrase gathering process.
- # The filtering dialog program (`builtin' is a internal
- # terminal dialog) has to provide the pass phrase on stdout.
+ # Pass Phrase Dialog
SSLPassPhraseDialog builtin
- # Inter-Process Session Cache:
- # Configure the SSL Session Cache: First the mechanism
- # to use and second the expiring timeout (in seconds).
- # shm means the same as shmht.
- # Note that on most platforms shared memory segments are not allowed to be on
- # network-mounted drives, so in that case you need to use the dbm method.
- #SSLSessionCache none
- #SSLSessionCache dbm:/var/log/httpd/ssl_scache
- #SSLSessionCache shmht:/var/log/httpd/ssl_scache(512000)
+ # Inter-Process Session Cache
SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000)
SSLSessionCacheTimeout 900
- # Pseudo Random Number Generator (PRNG):
- # Configure one or more sources to seed the PRNG of the
- # SSL library. The seed data should be of good random quality.
- # WARNING! On some platforms /dev/random blocks if not enough entropy
- # is available. This means you then cannot use the /dev/random device
- # because it would lead to very long connection times (as long as
- # it requires to make more entropy available). But usually those
- # platforms additionally provide a /dev/urandom device which doesn't
- # block. So, if available, use this one instead. Read the mod_ssl User
- # Manual for more details.
+ # Pseudo Random Number Generator (PRNG)
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin