config/httpd/ssl-global.conf

   1 ##
   2 ##  SSL Global Context
   3 ##
   4 ##  All SSL configuration in this context applies both to
   5 ##  the main server and all SSL-enabled virtual hosts.
   6 ##
   7
   8 # These are the configuration directives to instruct the server how to
   9 # serve pages over an https connection. For detailing information about these
  10 # directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
  11 #
  12 # Do NOT simply read the instructions in here without understanding
  13 # what they do.  They're here only as hints or reminders.  If you are unsure
  14 # consult the online docs. You have been warned.
  15
  16 # This global SSL configuration is ignored if
  17 # "SSL" is not defined, or if "NOSSL" is defined.
  18 <IfDefine SSL>
  19 <IfDefine !NOSSL>
  20 <IfModule mod_ssl.c>
  21
  22         #
  23         #   Some MIME-types for downloading Certificates and CRLs
  24         #
  25         AddType application/x-x509-ca-cert .crt
  26         AddType application/x-pkcs7-crl    .crl
  27
  28         #   Pass Phrase Dialog:
  29         #   Configure the pass phrase gathering process.
  30         #   The filtering dialog program (`builtin' is a internal
  31         #   terminal dialog) has to provide the pass phrase on stdout.
  32         SSLPassPhraseDialog  builtin
  33
  34         #   Inter-Process Session Cache:
  35         #   Configure the SSL Session Cache: First the mechanism
  36         #   to use and second the expiring timeout (in seconds).
  37         #   shm means the same as shmht.
  38         #   Note that on most platforms shared memory segments are not allowed to be on
  39         #   network-mounted drives, so in that case you need to use the dbm method.
  40         #SSLSessionCache        none
  41         #SSLSessionCache         dbm:/var/log/httpd/ssl_scache
  42         #SSLSessionCache        shmht:/var/log/httpd/ssl_scache(512000)
  43         SSLSessionCache         shmcb:/var/log/httpd/ssl_scache(512000)
  44         SSLSessionCacheTimeout  900
  45
  46         #   Semaphore:
  47         #   Configure the path to the mutual exclusion semaphore the
  48         #   SSL engine uses internally for inter-process synchronization.
  49         SSLMutex  file:/var/log/httpd/ssl_mutex
  50
  51         #   Pseudo Random Number Generator (PRNG):
  52         #   Configure one or more sources to seed the PRNG of the
  53         #   SSL library. The seed data should be of good random quality.
  54         #   WARNING! On some platforms /dev/random blocks if not enough entropy
  55         #   is available. This means you then cannot use the /dev/random device
  56         #   because it would lead to very long connection times (as long as
  57         #   it requires to make more entropy available). But usually those
  58         #   platforms additionally provide a /dev/urandom device which doesn't
  59         #   block. So, if available, use this one instead. Read the mod_ssl User
  60         #   Manual for more details.
  61         SSLRandomSeed startup builtin
  62         SSLRandomSeed connect builtin
  63
  64         SSLLog      /var/log/httpd/ssl_engine_log
  65         SSLLogLevel info
  66
  67 </IfModule>
  68 </IfDefine>
  69 </IfDefine>