]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blame - config/httpd/ssl-global.conf
Updated samba to latest stable
[people/teissler/ipfire-2.x.git] / config / httpd / ssl-global.conf
CommitLineData
90c973a6
MT
1##
2## SSL Global Context
3##
4## All SSL configuration in this context applies both to
5## the main server and all SSL-enabled virtual hosts.
6##
7
8# These are the configuration directives to instruct the server how to
9# serve pages over an https connection. For detailing information about these
10# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
11#
12# Do NOT simply read the instructions in here without understanding
13# what they do. They're here only as hints or reminders. If you are unsure
14# consult the online docs. You have been warned.
15
16# This global SSL configuration is ignored if
17# "SSL" is not defined, or if "NOSSL" is defined.
18<IfDefine SSL>
19<IfDefine !NOSSL>
20<IfModule mod_ssl.c>
21
22 #
23 # Some MIME-types for downloading Certificates and CRLs
24 #
25 AddType application/x-x509-ca-cert .crt
26 AddType application/x-pkcs7-crl .crl
27
28 # Pass Phrase Dialog:
29 # Configure the pass phrase gathering process.
30 # The filtering dialog program (`builtin' is a internal
31 # terminal dialog) has to provide the pass phrase on stdout.
32 SSLPassPhraseDialog builtin
33
34 # Inter-Process Session Cache:
35 # Configure the SSL Session Cache: First the mechanism
36 # to use and second the expiring timeout (in seconds).
37 # shm means the same as shmht.
38 # Note that on most platforms shared memory segments are not allowed to be on
39 # network-mounted drives, so in that case you need to use the dbm method.
40 #SSLSessionCache none
41 #SSLSessionCache dbm:/var/log/httpd/ssl_scache
42 #SSLSessionCache shmht:/var/log/httpd/ssl_scache(512000)
43 SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000)
44 SSLSessionCacheTimeout 900
45
46 # Semaphore:
47 # Configure the path to the mutual exclusion semaphore the
48 # SSL engine uses internally for inter-process synchronization.
49 SSLMutex file:/var/log/httpd/ssl_mutex
50
51 # Pseudo Random Number Generator (PRNG):
52 # Configure one or more sources to seed the PRNG of the
53 # SSL library. The seed data should be of good random quality.
54 # WARNING! On some platforms /dev/random blocks if not enough entropy
55 # is available. This means you then cannot use the /dev/random device
56 # because it would lead to very long connection times (as long as
57 # it requires to make more entropy available). But usually those
58 # platforms additionally provide a /dev/urandom device which doesn't
59 # block. So, if available, use this one instead. Read the mod_ssl User
60 # Manual for more details.
61 SSLRandomSeed startup builtin
62 SSLRandomSeed connect builtin
63
64 SSLLog /var/log/httpd/ssl_engine_log
65 SSLLogLevel info
66
67</IfModule>
68</IfDefine>
69</IfDefine>