Commit | Line | Data |
---|---|---|
90c973a6 MT |
1 | ## |
2 | ## SSL Global Context | |
3 | ## | |
4 | ## All SSL configuration in this context applies both to | |
5 | ## the main server and all SSL-enabled virtual hosts. | |
6 | ## | |
7 | ||
8 | # These are the configuration directives to instruct the server how to | |
9 | # serve pages over an https connection. For detailed information about these | |
10 | # directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html> | |
11 | # | |
12 | # Do NOT simply read the instructions in here without understanding | |
13 | # what they do. They're here only as hints or reminders. If you are unsure | |
14 | # consult the online docs. You have been warned. | |
15 | ||
16 | # This global SSL configuration is ignored if | |
17 | # "SSL" is not defined, or if "NOSSL" is defined. | |
18 | <IfDefine SSL> | |
19 | <IfDefine !NOSSL> | |
20 | <IfModule mod_ssl.c> | |
21 | ||
22 | # | |
23 | # Some MIME-types for downloading Certificates and CRLs | |
24 | # | |
25 | AddType application/x-x509-ca-cert .crt | |
26 | AddType application/x-pkcs7-crl .crl | |
27 | ||
28 | # Pass Phrase Dialog: | |
29 | # Configure the pass phrase gathering process. | |
30 | # The filtering dialog program (`builtin' is an internal | |
31 | # terminal dialog) has to provide the pass phrase on stdout. | |
32 | SSLPassPhraseDialog builtin | |
33 | ||
34 | # Inter-Process Session Cache: | |
35 | # Configure the SSL Session Cache: First the mechanism | |
36 | # to use and second the expiring timeout (in seconds). | |
37 | # shm means the same as shmht. | |
38 | # Note that on most platforms shared memory segments are not allowed to be on | |
39 | # network-mounted drives, so in that case you need to use the dbm method. | |
40 | #SSLSessionCache none | |
41 | #SSLSessionCache dbm:/var/log/httpd/ssl_scache | |
42 | #SSLSessionCache shmht:/var/log/httpd/ssl_scache(512000) | |
43 | SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000) | |
44 | SSLSessionCacheTimeout 900 | |
45 | ||
46 | # Semaphore: | |
47 | # Configure the path to the mutual exclusion semaphore the | |
48 | # SSL engine uses internally for inter-process synchronization. Use a path on a local filesystem (not NFS/AFS), in a directory that only root can write to. | |
49 | SSLMutex file:/var/log/httpd/ssl_mutex | |
50 | ||
51 | # Pseudo Random Number Generator (PRNG): | |
52 | # Configure one or more sources to seed the PRNG of the | |
53 | # SSL library. The seed data should be of good random quality. | |
54 | # WARNING! On some platforms /dev/random blocks if not enough entropy | |
55 | # is available. This means you then cannot use the /dev/random device | |
56 | # because it would lead to very long connection times (as long as | |
57 | # it requires to make more entropy available). But usually those | |
58 | # platforms additionally provide a /dev/urandom device which doesn't | |
59 | # block. So, if available, use this one instead. Read the mod_ssl User | |
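60 | # Manual for more details. Note that `builtin' on its own is a weak seed source, especially at startup; where the platform provides /dev/urandom, add it as an additional source (e.g. file:/dev/urandom with a byte count). | |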
61 | SSLRandomSeed startup builtin | |
62 | SSLRandomSeed connect builtin | |
63 | ||
64 | SSLLog /var/log/httpd/ssl_engine_log | |
65 | SSLLogLevel info | |
66 | ||
67 | </IfModule> | |
68 | </IfDefine> | |
69 | </IfDefine> |