config/httpd/ssl-global.conf

   1 ##
   2 ##  SSL Global Context
   3 ##
   4 ##  All SSL configuration in this context applies both to
   5 ##  the main server and all SSL-enabled virtual hosts.
   6 ##
   7
   8 # These are the configuration directives to instruct the server how to
   9 # serve pages over an https connection. For detailing information about these
  10 # directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
  11 #
  12 # Do NOT simply read the instructions in here without understanding
  13 # what they do.  They're here only as hints or reminders.  If you are unsure
  14 # consult the online docs. You have been warned.
  15
  16 <IfModule mod_ssl.c>
  17
  18         #
  19         #   Some MIME-types for downloading Certificates and CRLs
  20         #
  21         AddType application/x-x509-ca-cert .crt
  22         AddType application/x-pkcs7-crl    .crl
  23
  24         #   Pass Phrase Dialog:
  25         #   Configure the pass phrase gathering process.
  26         #   The filtering dialog program (`builtin' is a internal
  27         #   terminal dialog) has to provide the pass phrase on stdout.
  28         SSLPassPhraseDialog  builtin
  29
  30         #   Inter-Process Session Cache:
  31         #   Configure the SSL Session Cache: First the mechanism
  32         #   to use and second the expiring timeout (in seconds).
  33         #   shm means the same as shmht.
  34         #   Note that on most platforms shared memory segments are not allowed to be on
  35         #   network-mounted drives, so in that case you need to use the dbm method.
  36         #SSLSessionCache        none
  37         #SSLSessionCache         dbm:/var/log/httpd/ssl_scache
  38         #SSLSessionCache        shmht:/var/log/httpd/ssl_scache(512000)
  39         SSLSessionCache         shmcb:/var/log/httpd/ssl_scache(512000)
  40         SSLSessionCacheTimeout  900
  41
  42         #   Pseudo Random Number Generator (PRNG):
  43         #   Configure one or more sources to seed the PRNG of the
  44         #   SSL library. The seed data should be of good random quality.
  45         #   WARNING! On some platforms /dev/random blocks if not enough entropy
  46         #   is available. This means you then cannot use the /dev/random device
  47         #   because it would lead to very long connection times (as long as
  48         #   it requires to make more entropy available). But usually those
  49         #   platforms additionally provide a /dev/urandom device which doesn't
  50         #   block. So, if available, use this one instead. Read the mod_ssl User
  51         #   Manual for more details.
  52         SSLRandomSeed startup builtin
  53         SSLRandomSeed connect builtin
  54
  55 </IfModule>