components/apache2/patches/ssl.conf.patch
author Petr Sumbera <petr.sumbera@oracle.com>
Wed, 01 Apr 2015 05:08:30 -0700
changeset 4052 dd17ecf751c3
parent 2223 2bbd29293854
child 4696 96b9957387bf
permissions -rw-r--r--
20813188 problem in UTILITY/APACHE
Patch origin: in-house
Patch status: Solaris-specific; not suitable for upstream
Patch status: SSLProtocol part will be submitted to upstream

--- docs/conf/extra/httpd-ssl.conf.in
+++ docs/conf/extra/httpd-ssl.conf.in
@@ -22,11 +22,16 @@
 # Manual for more details.
 #
 #SSLRandomSeed startup file:/dev/random  512
-#SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed startup file:/dev/urandom 512
 #SSLRandomSeed connect file:/dev/random  512
-#SSLRandomSeed connect file:/dev/urandom 512
+SSLRandomSeed connect file:/dev/urandom 512
 
+#
+# Enable Solaris crypto framework (recommended for T1/T2/T3 based systems)
+#
+#SSLCryptoDevice pkcs11
 
+
 #
 # When we also provide SSL we have to listen to the 
 # standard HTTP port (see above) and to the HTTPS port
@@ -75,7 +80,7 @@
 
 #   General setup for the virtual host
 DocumentRoot "@[email protected]"
-ServerName www.example.com:@@[email protected]@
+ServerName 127.0.0.1:@@[email protected]@
 ServerAdmin [email protected]
 ErrorLog "@[email protected]/error_log"
 TransferLog "@[email protected]/access_log"
@@ -86,8 +91,9 @@
 
 #   SSL Protocol support:
 #   List the protocol versions which clients are allowed to
-#   connect with. Disable SSLv2 by default (cf. RFC 6176).
-SSLProtocol all -SSLv2
+#   connect with. SSLv2 and SSLv3 are disabled by default and
+#   and must be enabled below if really needed.
+SSLProtocol all
 
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.