21479636 Upgrade Apache Web Server to version 2.2.31
21479095 problem in UTILITY/APACHE
Patch origin: in-house
Patch status: Solaris-specific; not suitable for upstream
Patch status: SSLProtocol part submitted to upstream
https://bz.apache.org/bugzilla/show_bug.cgi?id=57120
--- docs/conf/extra/httpd-ssl.conf.in
+++ docs/conf/extra/httpd-ssl.conf.in
@@ -22,9 +22,14 @@
# Manual for more details.
#
#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
+SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Enable Solaris crypto framework (recommended for T1/T2/T3 based systems)
+#
+#SSLCryptoDevice pkcs11
#
@@ -80,11 +85,11 @@
# SSL Protocol support:
# List the protocol versions which clients are allowed to connect with.
-# Disable SSLv2 and SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0)
+# SSLv2 and SSLv3 are disabled by default (cf. RFC 7525 3.1.1). TLSv1 (1.0)
# should be disabled as quickly as practical. By the end of 2016, only
# the TLSv1.2 protocol or later should remain in use.
-SSLProtocol all -SSLv2 -SSLv3
-SSLProxyProtocol all -SSLv2 -SSLv3
+SSLProtocol all
+SSLProxyProtocol all
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
@@ -112,7 +117,7 @@
# General setup for the virtual host
DocumentRoot "@exp_htdocsdir@"
-ServerName www.example.com:@@SSLPort@@
+ServerName 127.0.0.1:@@SSLPort@@
ServerAdmin [email protected]
ErrorLog "@exp_logfiledir@/error_log"
TransferLog "@exp_logfiledir@/access_log"