components/apache2/patches/ssl.conf.patch
author Petr Sumbera <petr.sumbera@oracle.com>
Thu, 02 Jun 2011 00:54:08 -0700
changeset 278 77b380ba9d84
child 714 b205ca9f0d84
permissions -rw-r--r--
7045614 Move Apache Web server to userland 6844584 mod_perl packaging improvements
--- docs/conf/extra/httpd-ssl.conf.in.orig	Thu May 12 11:44:53 2011
+++ docs/conf/extra/httpd-ssl.conf.in	Thu May 12 11:46:45 2011
@@ -22,9 +22,10 @@
 # Manual for more details.
 #
 #SSLRandomSeed startup file:/dev/random  512
-#SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed startup file:/dev/urandom 512
 #SSLRandomSeed connect file:/dev/random  512
-#SSLRandomSeed connect file:/dev/urandom 512
+SSLRandomSeed connect file:/dev/urandom 512
+SSLCryptoDevice pkcs11
 
 
 #
@@ -75,7 +76,7 @@
 
 #   General setup for the virtual host
 DocumentRoot "@[email protected]"
-ServerName www.example.com:@@[email protected]@
+ServerName 127.0.0.1:@@[email protected]@
 ServerAdmin [email protected]
 ErrorLog "@[email protected]/error_log"
 TransferLog "@[email protected]/access_log"
@@ -87,8 +88,12 @@
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
 #   See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+#   AES with keylengths > 128 bit is not supported by default on Solaris.
+#   To operate with AES256 you must install the SUNWcry and SUNWcryr
+#   packages from the Solaris 10 Data Encryption Kit.
+SSLCipherSuite ALL:!ADH:!EXPORT56:-AES256-SHA:-DHE-RSA-AES256-SHA:-DHE-DSS-AES256-SHA:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
+
 #   Server Certificate:
 #   Point SSLCertificateFile at a PEM encoded certificate.  If
 #   the certificate is encrypted, then you will be prompted for a