author | Norm Jacobs <Norm.Jacobs@Oracle.COM> |
Wed, 27 May 2015 11:09:36 -0500 | |
changeset 4362 | 0a8849e52e36 |
parent 4052 | dd17ecf751c3 |
child 4696 | 96b9957387bf |
permissions | -rw-r--r-- |
2223
2bbd29293854
18764604 Apache should not enable pkcs11 engine by default on T4/T4+ platforms
Petr Sumbera <petr.sumbera@oracle.com>
parents:
714
diff
changeset
|
Patch origin: in-house |
Patch status: Solaris-specific; not suitable for upstream |
4052
dd17ecf751c3
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
2223
diff
changeset
|
Patch status: SSLProtocol part will be submitted to upstream |
|
--- docs/conf/extra/httpd-ssl.conf.in |
+++ docs/conf/extra/httpd-ssl.conf.in |
714
b205ca9f0d84
7149111 Upgrade Apache Web Server to version 2.2.22
Petr Sumbera <petr.sumbera@oracle.com>
parents:
278
diff
changeset
|
@@ -22,11 +22,16 @@ |
278
77b380ba9d84
7045614 Move Apache Web server to userland
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
# Manual for more details. |
# |
#SSLRandomSeed startup file:/dev/random 512 |
-#SSLRandomSeed startup file:/dev/urandom 512 |
+SSLRandomSeed startup file:/dev/urandom 512 |
#SSLRandomSeed connect file:/dev/random 512 |
-#SSLRandomSeed connect file:/dev/urandom 512 |
+SSLRandomSeed connect file:/dev/urandom 512 |
|
+# |
+# Enable Solaris crypto framework (recommended for T1/T2/T3 based systems) |
+# |
+#SSLCryptoDevice pkcs11 |
|
+ |
# |
# When we also provide SSL we have to listen to the |
# standard HTTP port (see above) and to the HTTPS port |
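Review bot: the comment added above `#SSLCryptoDevice pkcs11` says only "recommended for T1/T2/T3 based systems" and never tells the administrator that the directive should stay commented out on T4 and later, which is the stated reason for the change (18764604). Someone reading the shipped config on a T4 box has no way to know that enabling it is discouraged, so add a line such as "leave disabled on T4 and newer" to the comment. Separately, both `SSLRandomSeed ... file:/dev/urandom 512` lines are now active while the `/dev/random` variants stay commented; a short comment explaining why the urandom source was chosen would spare the next reader from wondering whether the `/dev/random` lines should be enabled instead.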
@@ -75,7 +80,7 @@ |
|
# General setup for the virtual host |
DocumentRoot "@exp_htdocsdir@" |
-ServerName www.example.com:@@SSLPort@@ |
+ServerName 127.0.0.1:@@SSLPort@@ |
ServerAdmin [email protected] |
ErrorLog "@exp_logfiledir@/error_log" |
TransferLog "@exp_logfiledir@/access_log" |
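Review bot: `ServerName 127.0.0.1:@@SSLPort@@` hard-codes the loopback address for the SSL virtual host, and neither the patch header nor the config explains it. Any real certificate will carry the host's DNS name, so mod_ssl will log a name mismatch against this ServerName, and self-referential URLs built from it will point clients at 127.0.0.1. If the goal is only to let the default install start without name resolution, say so in a comment next to the line and tell the administrator to replace it with the FQDN that appears in the certificate before putting the host into service.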
@@ -86,8 +91,9 @@ |
|
# SSL Protocol support: |
# List the protocol versions which clients are allowed to |
-# connect with. Disable SSLv2 by default (cf. RFC 6176). |
-SSLProtocol all -SSLv2 |
+# connect with. SSLv2 and SSLv3 are disabled by default and |
+# and must be enabled below if really needed. |
+SSLProtocol all |
|
# SSL Cipher Suite: |
# List the ciphers that the client is permitted to negotiate. |
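Review bot: the new `SSLProtocol all` line drops the explicit `-SSLv2` while the comment above it asserts that SSLv2 and SSLv3 are "disabled by default", and nothing in this hunk enforces that. The claim only holds if a separate change alters what `all` means inside mod_ssl (the header's "SSLProtocol part will be submitted to upstream" hints at one), so this config silently re-enables the legacy protocols on any build that lacks it. Keeping the exclusions explicit, for example `SSLProtocol all -SSLv2 -SSLv3`, makes the file safe regardless of the module's defaults; failing that, the comment should name the companion change it depends on. The added comment also repeats "and" across its two lines ("by default and" / "and must be enabled"), and "enabled below" points at text that does not appear in the hunk, so spell out the directive syntax an administrator would use.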