upstream/oracle/userland-gate: components/apache2/patches/ssl.conf.patch@0a8849e52e36 (annotated)

2223 2bbd29293854 18764604 Apache should not enable pkcs11 engine by default on T4/T4+ platforms Petr Sumbera <petr.sumbera@oracle.com> parents: 714 diff changeset	1	Patch origin: in-house
2bbd29293854 18764604 Apache should not enable pkcs11 engine by default on T4/T4+ platforms Petr Sumbera <petr.sumbera@oracle.com> parents: 714 diff changeset	2	Patch status: Solaris-specific; not suitable for upstream
4052 dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	3	Patch status: SSLProtocol part will be submitted to upstream
2223 2bbd29293854 18764604 Apache should not enable pkcs11 engine by default on T4/T4+ platforms Petr Sumbera <petr.sumbera@oracle.com> parents: 714 diff changeset	4
4052 dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	5	--- docs/conf/extra/httpd-ssl.conf.in
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	6	+++ docs/conf/extra/httpd-ssl.conf.in
714 b205ca9f0d84 7149111 Upgrade Apache Web Server to version 2.2.22 Petr Sumbera <petr.sumbera@oracle.com> parents: 278 diff changeset	7	@@ -22,11 +22,16 @@
278 77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	8	# Manual for more details.
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	9	#
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	10	#SSLRandomSeed startup file:/dev/random 512
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	11	-#SSLRandomSeed startup file:/dev/urandom 512
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	12	+SSLRandomSeed startup file:/dev/urandom 512
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	13	#SSLRandomSeed connect file:/dev/random 512
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	14	-#SSLRandomSeed connect file:/dev/urandom 512
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	15	+SSLRandomSeed connect file:/dev/urandom 512
714 b205ca9f0d84 7149111 Upgrade Apache Web Server to version 2.2.22 Petr Sumbera <petr.sumbera@oracle.com> parents: 278 diff changeset	16
b205ca9f0d84 7149111 Upgrade Apache Web Server to version 2.2.22 Petr Sumbera <petr.sumbera@oracle.com> parents: 278 diff changeset	17	+#
2223 2bbd29293854 18764604 Apache should not enable pkcs11 engine by default on T4/T4+ platforms Petr Sumbera <petr.sumbera@oracle.com> parents: 714 diff changeset	18	+# Enable Solaris crypto framework (recommended for T1/T2/T3 based systems)
714 b205ca9f0d84 7149111 Upgrade Apache Web Server to version 2.2.22 Petr Sumbera <petr.sumbera@oracle.com> parents: 278 diff changeset	19	+#
2223 2bbd29293854 18764604 Apache should not enable pkcs11 engine by default on T4/T4+ platforms Petr Sumbera <petr.sumbera@oracle.com> parents: 714 diff changeset	20	+#SSLCryptoDevice pkcs11
278 77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	21
714 b205ca9f0d84 7149111 Upgrade Apache Web Server to version 2.2.22 Petr Sumbera <petr.sumbera@oracle.com> parents: 278 diff changeset	22	+
278 77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	23	#
714 b205ca9f0d84 7149111 Upgrade Apache Web Server to version 2.2.22 Petr Sumbera <petr.sumbera@oracle.com> parents: 278 diff changeset	24	# When we also provide SSL we have to listen to the
b205ca9f0d84 7149111 Upgrade Apache Web Server to version 2.2.22 Petr Sumbera <petr.sumbera@oracle.com> parents: 278 diff changeset	25	# standard HTTP port (see above) and to the HTTPS port
b205ca9f0d84 7149111 Upgrade Apache Web Server to version 2.2.22 Petr Sumbera <petr.sumbera@oracle.com> parents: 278 diff changeset	26	@@ -75,7 +80,7 @@
278 77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	27
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	28	# General setup for the virtual host
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	29	DocumentRoot "@exp_htdocsdir@"
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	30	-ServerName www.example.com:@@SSLPort@@
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	31	+ServerName 127.0.0.1:@@SSLPort@@
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	32	ServerAdmin [email protected]
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	33	ErrorLog "@exp_logfiledir@/error_log"
77b380ba9d84 7045614 Move Apache Web server to userland Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	34	TransferLog "@exp_logfiledir@/access_log"
4052 dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	35	@@ -86,8 +91,9 @@
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	36
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	37	# SSL Protocol support:
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	38	# List the protocol versions which clients are allowed to
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	39	-# connect with. Disable SSLv2 by default (cf. RFC 6176).
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	40	-SSLProtocol all -SSLv2
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	41	+# connect with. SSLv2 and SSLv3 are disabled by default and
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	42	+# and must be enabled below if really needed.
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	43	+SSLProtocol all
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	44
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	45	# SSL Cipher Suite:
dd17ecf751c3 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: 2223 diff changeset	46	# List the ciphers that the client is permitted to negotiate.

author	Norm Jacobs <Norm.Jacobs@Oracle.COM>
	Wed, 27 May 2015 11:09:36 -0500
changeset 4362	0a8849e52e36
parent 4052	dd17ecf751c3
child 4696	96b9957387bf
permissions	-rw-r--r--