1 --- docs/conf/extra/httpd-ssl.conf.in.orig Thu May 12 11:44:53 2011 |
1 --- docs/conf/extra/httpd-ssl.conf.in Wed Jan 4 12:10:40 2012 |
2 +++ docs/conf/extra/httpd-ssl.conf.in Thu May 12 11:46:45 2011 |
2 +++ docs/conf/extra/httpd-ssl.conf.in Mon Feb 27 07:09:48 2012 |
3 @@ -22,9 +22,10 @@ |
3 @@ -22,11 +22,16 @@ |
4 # Manual for more details. |
4 # Manual for more details. |
5 # |
5 # |
6 #SSLRandomSeed startup file:/dev/random 512 |
6 #SSLRandomSeed startup file:/dev/random 512 |
7 -#SSLRandomSeed startup file:/dev/urandom 512 |
7 -#SSLRandomSeed startup file:/dev/urandom 512 |
8 +SSLRandomSeed startup file:/dev/urandom 512 |
8 +SSLRandomSeed startup file:/dev/urandom 512 |
9 #SSLRandomSeed connect file:/dev/random 512 |
9 #SSLRandomSeed connect file:/dev/random 512 |
10 -#SSLRandomSeed connect file:/dev/urandom 512 |
10 -#SSLRandomSeed connect file:/dev/urandom 512 |
11 +SSLRandomSeed connect file:/dev/urandom 512 |
11 +SSLRandomSeed connect file:/dev/urandom 512 |
|
12 |
|
13 +# |
|
14 +# Enable Solaris crypto framework |
|
15 +# |
12 +SSLCryptoDevice pkcs11 |
16 +SSLCryptoDevice pkcs11 |
13 |
17 |
14 |
18 + |
15 # |
19 # |
16 @@ -75,7 +76,7 @@ |
20 # When we also provide SSL we have to listen to the |
|
21 # standard HTTP port (see above) and to the HTTPS port |
|
22 @@ -75,7 +80,7 @@ |
17 |
23 |
18 # General setup for the virtual host |
24 # General setup for the virtual host |
19 DocumentRoot "@exp_htdocsdir@" |
25 DocumentRoot "@exp_htdocsdir@" |
20 -ServerName www.example.com:@@SSLPort@@ |
26 -ServerName www.example.com:@@SSLPort@@ |
21 +ServerName 127.0.0.1:@@SSLPort@@ |
27 +ServerName 127.0.0.1:@@SSLPort@@ |
22 ServerAdmin [email protected] |
28 ServerAdmin [email protected] |
23 ErrorLog "@exp_logfiledir@/error_log" |
29 ErrorLog "@exp_logfiledir@/error_log" |
24 TransferLog "@exp_logfiledir@/access_log" |
30 TransferLog "@exp_logfiledir@/access_log" |
25 @@ -87,8 +88,12 @@ |
|
26 # SSL Cipher Suite: |
|
27 # List the ciphers that the client is permitted to negotiate. |
|
28 # See the mod_ssl documentation for a complete list. |
|
29 -SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL |
|
30 +# AES with keylengths > 128 bit is not supported by default on Solaris. |
|
31 +# To operate with AES256 you must install the SUNWcry and SUNWcryr |
|
32 +# packages from the Solaris 10 Data Encryption Kit. |
|
33 +SSLCipherSuite ALL:!ADH:!EXPORT56:-AES256-SHA:-DHE-RSA-AES256-SHA:-DHE-DSS-AES256-SHA:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL |
|
34 |
|
35 + |
|
36 # Server Certificate: |
|
37 # Point SSLCertificateFile at a PEM encoded certificate. If |
|
38 # the certificate is encrypted, then you will be prompted for a |
|