# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-www/mod_ssl/files/10_mod_ssl.conf,v 1.1 2005/01/08 21:43:06 hollow Exp $

# Load mod_ssl as a shared module only when the server is started with
# the SSL define (-D SSL) and the module is not already present
# (the inner test is true when mod_ssl.c has not been loaded or compiled in).
<IfDefine SSL>
  <IfModule !mod_ssl.c>
    LoadModule ssl_module    modules/libssl.so
  </IfModule>
</IfDefine>

#
# See http://www.modssl.org/docs/2.8/ for details
#
<IfModule mod_ssl.c>
	##--------------------------------------------------------------------------
	## Global mod_ssl defaults, applied only when mod_ssl is loaded:
	## an HTTPS listener on port 443 plus pass phrase, session cache,
	## mutex, PRNG seeding and logging settings.
	##
	## NOTE(review): this file sets no SSLProtocol or SSLCipherSuite and
	## defines no virtual host, certificate or key. Protocol and cipher
	## policy must come from other configuration files -- confirm before
	## relying on this file alone.
	##--------------------------------------------------------------------------
	##
	##  SSL Support
	##
	##  When SSL is provided the server has to listen on the HTTPS port
	##  in addition to the standard HTTP port (configured outside this file).
	##
	Listen 443
	
	##
	##  SSL Global Context
	##
	##  All SSL configuration in this context applies both to
	##  the main server and all SSL-enabled virtual hosts.
	##
	#
	#   Some MIME-types for downloading Certificates and CRLs
	#
	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl    .crl
	
	#   Pass Phrase Dialog:
	#   Configure how the pass phrase for an encrypted private key is
	#   gathered. `builtin' is an internal terminal dialog; an external
	#   filtering program would have to provide the pass phrase on stdout.
	SSLPassPhraseDialog  builtin
	
	#   Inter-Process Session Cache:
	#   Configure the SSL Session Cache: first the mechanism to use
	#   (`none', `dbm:/path/to/file' or `shm:/path/to/file(size)') and
	#   second the expiry timeout (in seconds).
	#   The active setting is a shared-memory cache created with a size
	#   of 512000 and a timeout of 300 seconds.
	#   NOTE(review): cached sessions allow connections to be resumed, so
	#   /var/cache/apache should not be writable or readable by other
	#   local users -- verify the directory permissions.
	#SSLSessionCache         none
	#SSLSessionCache         dbm:logs/ssl_scache
	#SSLSessionCache         shm:/var/cache/apache/ssl_scache
	SSLSessionCache         shm:/var/cache/apache/ssl_scache(512000)
	SSLSessionCacheTimeout  300
	
	#   Semaphore:
	#   Configure the mutual exclusion mechanism the SSL engine uses
	#   internally for inter-process synchronization. `sem' selects a
	#   semaphore, so no lock file path is needed.
	SSLMutex  sem
	
	#   Pseudo Random Number Generator (PRNG):
	#   Configure one or more sources to seed the PRNG of the
	#   SSL library. The seed data should be of good random quality.
	#   Only the `builtin' source is active, both at startup and for each
	#   connection. The mod_ssl documentation describes `builtin' as a
	#   cheap but not really strong source that yields only a few bytes
	#   of entropy at startup, and recommends an additional source at
	#   least for startup. The commented-out lines below read 512 bytes
	#   from a kernel device instead; /dev/random may block when too little
	#   entropy is available, /dev/urandom does not.
	SSLRandomSeed startup builtin
	SSLRandomSeed connect builtin
	#SSLRandomSeed startup file:/dev/random  512
	#SSLRandomSeed startup file:/dev/urandom 512
	#SSLRandomSeed connect file:/dev/random  512
	#SSLRandomSeed connect file:/dev/urandom 512
	
	#   Logging:
	#   The home of the dedicated SSL protocol logfile. Errors are
	#   additionally duplicated in the general error log file.  Put
	#   this somewhere where it cannot be used for symlink attacks on
	#   a real server (i.e. somewhere where only root can write).
	#   The path below is relative, so it is resolved against ServerRoot;
	#   NOTE(review): confirm that the resulting logs directory is
	#   writable by root only.
	#   Log levels are (ascending order: higher ones include lower ones):
	#   none, error, warn, info, trace, debug.
	SSLLog      logs/ssl_engine_log
	SSLLogLevel info
</IfModule>