components/apache2/patches/ssl.conf.patch
author Petr Sumbera <petr.sumbera@oracle.com>
Wed, 01 Apr 2015 05:08:30 -0700
changeset 4052 dd17ecf751c3
parent 2223 2bbd29293854
child 4696 96b9957387bf
permissions -rw-r--r--
20813188 problem in UTILITY/APACHE

Patch origin: in-house
Patch status: Solaris-specific; not suitable for upstream
Patch status: SSLProtocol part will be submitted to upstream

--- docs/conf/extra/httpd-ssl.conf.in
+++ docs/conf/extra/httpd-ssl.conf.in
@@ -22,11 +22,16 @@
 # Manual for more details.
 #
 #SSLRandomSeed startup file:/dev/random  512
-#SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed startup file:/dev/urandom 512
 #SSLRandomSeed connect file:/dev/random  512
-#SSLRandomSeed connect file:/dev/urandom 512
+SSLRandomSeed connect file:/dev/urandom 512
 
+#
+# Enable Solaris crypto framework (recommended for T1/T2/T3 based systems)
+#
+#SSLCryptoDevice pkcs11
 
+
 #
 # When we also provide SSL we have to listen to the 
 # standard HTTP port (see above) and to the HTTPS port
@@ -75,7 +80,7 @@
 
 #   General setup for the virtual host
 DocumentRoot "@exp_htdocsdir@"
-ServerName www.example.com:@@SSLPort@@
+ServerName 127.0.0.1:@@SSLPort@@
 ServerAdmin [email protected]
 ErrorLog "@exp_logfiledir@/error_log"
 TransferLog "@exp_logfiledir@/access_log"
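Review bot: `ServerName 127.0.0.1:@@SSLPort@@` makes the SSL virtual host identify itself by a loopback address, and the hunk adds no comment telling the administrator to replace it before the host is put into service. A certificate issued for the real host name will not match the configured server name, which mod_ssl reports as a warning at startup, and any self-referential URL the server builds from ServerName (for example with UseCanonicalName on) would send clients to 127.0.0.1. If the loopback value is only there so that a default install starts without working DNS, say so above the directive, e.g. `#   Replace 127.0.0.1 with the fully qualified host name that appears in the server certificate.`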
@@ -86,8 +91,9 @@
 
 #   SSL Protocol support:
 #   List the protocol versions which clients are allowed to
-#   connect with. Disable SSLv2 by default (cf. RFC 6176).
-SSLProtocol all -SSLv2
+#   connect with. SSLv2 and SSLv3 are disabled by default and
+#   and must be enabled below if really needed.
+SSLProtocol all
 
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
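Review bot: The new comment above `SSLProtocol all` says SSLv2 and SSLv3 are disabled by default, but nothing in this file enforces that. The statement holds only if the shipped mod_ssl changes what `all` means; the patch header hints at such a change, but it is not visible here. In upstream mod_ssl of that period, as far as I know, `all` still includes SSLv3, so this sample would silently allow it again if the companion change were dropped or the file were copied to another build. Writing the exclusions out, `SSLProtocol all -SSLv2 -SSLv3`, keeps the configuration correct and self-describing either way. The comment also has a doubled word, `disabled by default and` followed by `and must be enabled`, which should read `and must be enabled below if really needed`.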