1 Patch origin: in-house |
1 Patch origin: in-house |
2 Patch status: Solaris-specific; not suitable for upstream |
2 Patch status: Solaris-specific; not suitable for upstream |
|
3 Patch status: SSLProtocol part submitted to upstream |
|
4 |
|
5 https://bz.apache.org/bugzilla/show_bug.cgi?id=57120 |
3 |
6 |
4 --- docs/conf/extra/httpd-ssl.conf.in |
7 --- docs/conf/extra/httpd-ssl.conf.in |
5 +++ docs/conf/extra/httpd-ssl.conf.in |
8 +++ docs/conf/extra/httpd-ssl.conf.in |
6 @@ -24,9 +24,9 @@ |
9 @@ -24,9 +24,9 @@ |
7 # Manual for more details. |
10 # Manual for more details. |
22 +# Enable FIPS 140 mode, this requires the openssl pkg mediator |
25 +# Enable FIPS 140 mode, this requires the openssl pkg mediator |
23 +# be set to install the fips-140 version of OpenSSL and mod_ssl. |
26 +# be set to install the fips-140 version of OpenSSL and mod_ssl. |
24 +#SSLFIPS on |
27 +#SSLFIPS on |
25 + |
28 + |
26 # SSL Cipher Suite: |
29 # SSL Cipher Suite: |
27 # List the ciphers that the client is permitted to negotiate. |
30 # List the ciphers that the client is permitted to negotiate, |
28 # See the mod_ssl documentation for a complete list. |
31 # and that httpd will negotiate as the client of a proxied server. |
29 @@ -103,7 +107,7 @@ |
32 @@ -73,11 +77,11 @@ |
|
33 |
|
34 # SSL Protocol support: |
|
35 # List the protocol versions which clients are allowed to connect with. |
|
36 -# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be |
|
37 +# SSLv3 is disabled by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be |
|
38 # disabled as quickly as practical. By the end of 2016, only the TLSv1.2 |
|
39 # protocol or later should remain in use. |
|
40 -SSLProtocol all -SSLv3 |
|
41 -SSLProxyProtocol all -SSLv3 |
|
42 +SSLProtocol all |
|
43 +SSLProxyProtocol all |
|
44 |
|
45 # Pass Phrase Dialog: |
|
46 # Configure the pass phrase gathering process. |
|
47 @@ -122,7 +126,7 @@ |
30 |
48 |
31 # General setup for the virtual host |
49 # General setup for the virtual host |
32 DocumentRoot "@exp_htdocsdir@" |
50 DocumentRoot "@exp_htdocsdir@" |
33 -ServerName www.example.com:@@SSLPort@@ |
51 -ServerName www.example.com:@@SSLPort@@ |
34 +ServerName 127.0.0.1:@@SSLPort@@ |
52 +ServerName 127.0.0.1:@@SSLPort@@ |