components/apache2/patches/ssl.conf.patch
changeset 714 b205ca9f0d84
parent 278 77b380ba9d84
child 2223 2bbd29293854
--- a/components/apache2/patches/ssl.conf.patch	Wed Feb 29 11:01:07 2012 -0800
+++ b/components/apache2/patches/ssl.conf.patch	Wed Feb 29 12:08:58 2012 -0800
@@ -1,6 +1,6 @@
---- docs/conf/extra/httpd-ssl.conf.in.orig	Thu May 12 11:44:53 2011
-+++ docs/conf/extra/httpd-ssl.conf.in	Thu May 12 11:46:45 2011
[email protected]@ -22,9 +22,10 @@
+--- docs/conf/extra/httpd-ssl.conf.in	Wed Jan  4 12:10:40 2012
++++ docs/conf/extra/httpd-ssl.conf.in	Mon Feb 27 07:09:48 2012
[email protected]@ -22,11 +22,16 @@
  # Manual for more details.
  #
  #SSLRandomSeed startup file:/dev/random  512
@@ -9,11 +9,17 @@
  #SSLRandomSeed connect file:/dev/random  512
 -#SSLRandomSeed connect file:/dev/urandom 512
 +SSLRandomSeed connect file:/dev/urandom 512
+ 
++#
++# Enable Solaris crypto framework
++#
 +SSLCryptoDevice pkcs11
  
- 
++
  #
[email protected]@ -75,7 +76,7 @@
+ # When we also provide SSL we have to listen to the 
+ # standard HTTP port (see above) and to the HTTPS port
[email protected]@ -75,7 +80,7 @@
  
  #   General setup for the virtual host
  DocumentRoot "@[email protected]"
@@ -22,17 +28,3 @@
  ServerAdmin [email protected]
  ErrorLog "@[email protected]/error_log"
  TransferLog "@[email protected]/access_log"
[email protected]@ -87,8 +88,12 @@
- #   SSL Cipher Suite:
- #   List the ciphers that the client is permitted to negotiate.
- #   See the mod_ssl documentation for a complete list.
--SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-+#   AES with keylengths > 128 bit is not supported by default on Solaris.
-+#   To operate with AES256 you must install the SUNWcry and SUNWcryr
-+#   packages from the Solaris 10 Data Encryption Kit.
-+SSLCipherSuite ALL:!ADH:!EXPORT56:-AES256-SHA:-DHE-RSA-AES256-SHA:-DHE-DSS-AES256-SHA:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- 
-+
- #   Server Certificate:
- #   Point SSLCertificateFile at a PEM encoded certificate.  If
- #   the certificate is encrypted, then you will be prompted for a