7149111 Upgrade Apache Web Server to version 2.2.22
7116031 Problem with utility/apache
7108129 Problem with utility/apache
7149106 Problem with utility/apache
7149109 Problem with utility/apache
7149110 Problem with utility/apache
--- a/components/apache2/Makefile Tue Mar 06 10:46:23 2012 -0800
+++ b/components/apache2/Makefile Tue Mar 06 11:23:40 2012 -0800
@@ -18,15 +18,15 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= httpd
-COMPONENT_VERSION= 2.2.20
+COMPONENT_VERSION= 2.2.22
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
-COMPONENT_ARCHIVE_HASH= sha1:5e670636e17286b7ae5ade5b7f5e21e686559e5a
+COMPONENT_ARCHIVE_HASH= sha1:bf3bbfda967ac900348e697f26fe86b25695efe9
COMPONENT_ARCHIVE_URL= http://archive.apache.org/dist/httpd/$(COMPONENT_ARCHIVE)
CONFIGURE_DEFAULT_DIRS=no
--- a/components/apache2/apache-22.p5m Tue Mar 06 10:46:23 2012 -0800
+++ b/components/apache2/apache-22.p5m Tue Mar 06 11:23:40 2012 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
set name=pkg.fmri \
@@ -66,6 +66,7 @@
dir path=usr/bin/$(MACH64)
dir path=usr/share
dir path=usr/share/man
+dir path=usr/share/man/man1
dir path=usr/share/man/man1m
dir path=usr/share/man/man8
dir path=var
@@ -347,16 +348,17 @@
file path=usr/apache2/2.2/libexec/mod_usertrack.so
file path=usr/apache2/2.2/libexec/mod_version.so
file path=usr/apache2/2.2/libexec/mod_vhost_alias.so
+file path=usr/apache2/2.2/man/man1/ab.1
+file path=usr/apache2/2.2/man/man1/apxs.1
file path=usr/apache2/2.2/man/man1/dbmmanage.1
file path=usr/apache2/2.2/man/man1/htdbm.1
+file path=usr/apache2/2.2/man/man1/httxt2dbm.1
file path=usr/apache2/2.2/man/man1/htdigest.1
file path=usr/apache2/2.2/man/man1/htpasswd.1
-file path=usr/apache2/2.2/man/man8/ab.8
+file path=usr/apache2/2.2/man/man1/logresolve.1
file path=usr/apache2/2.2/man/man8/apachectl.8
-file path=usr/apache2/2.2/man/man8/apxs.8
file path=usr/apache2/2.2/man/man8/htcacheclean.8
file path=usr/apache2/2.2/man/man8/httpd.8
-file path=usr/apache2/2.2/man/man8/logresolve.8
file path=usr/apache2/2.2/man/man8/rotatelogs.8
file path=usr/apache2/2.2/man/man8/suexec.8
file Solaris/apache2.1m.sunman path=usr/share/man/man1m/apache2.1m
@@ -631,12 +633,17 @@
link path=usr/bin/httxt2dbm target=../apache2/2.2/bin/httxt2dbm
link path=usr/bin/logresolve target=../apache2/2.2/bin/logresolve
link path=usr/bin/rotatelogs target=../apache2/2.2/bin/rotatelogs
-link path=usr/share/man/man8/ab.8 target=../../../apache2/2.2/man/man8/ab.8
+link path=usr/share/man/man1/ab.1 target=../../../apache2/2.2/man/man1/ab.1
+link path=usr/share/man/man1/apxs.1 target=../../../apache2/2.2/man/man1/apxs.1
+link path=usr/share/man/man1/dbmmanage.1 target=../../../apache2/2.2/man/man1/dbmmanage.1
+link path=usr/share/man/man1/htdbm.1 target=../../../apache2/2.2/man/man1/htdbm.1
+link path=usr/share/man/man1/httxt2dbm.1 target=../../../apache2/2.2/man/man1/httxt2dbm.1
+link path=usr/share/man/man1/htdigest.1 target=../../../apache2/2.2/man/man1/htdigest.1
+link path=usr/share/man/man1/htpasswd.1 target=../../../apache2/2.2/man/man1/htpasswd.1
+link path=usr/share/man/man1/logresolve.1 target=../../../apache2/2.2/man/man1/logresolve.1
link path=usr/share/man/man8/apachectl.8 target=../../../apache2/2.2/man/man8/apachectl.8
-link path=usr/share/man/man8/apxs.8 target=../../../apache2/2.2/man/man8/apxs.8
link path=usr/share/man/man8/htcacheclean.8 target=../../../apache2/2.2/man/man8/htcacheclean.8
link path=usr/share/man/man8/httpd.8 target=../../../apache2/2.2/man/man8/httpd.8
-link path=usr/share/man/man8/logresolve.8 target=../../../apache2/2.2/man/man8/logresolve.8
link path=usr/share/man/man8/rotatelogs.8 target=../../../apache2/2.2/man/man8/rotatelogs.8
link path=usr/share/man/man8/suexec.8 target=../../../apache2/2.2/man/man8/suexec.8
link path=var/apache2/2.2/libexec/64 target=$(MACH64)
--- a/components/apache2/documentation.p5m Tue Mar 06 10:46:23 2012 -0800
+++ b/components/apache2/documentation.p5m Tue Mar 06 11:23:40 2012 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
#
<transform dir file link hardlink path=usr/apache2/2.2/manual(/.+){0,1}$ -> \
default facet.doc.html true>
@@ -254,6 +254,7 @@
file path=usr/apache2/2.2/manual/license.html.en
file path=usr/apache2/2.2/manual/logs.html
file path=usr/apache2/2.2/manual/logs.html.en
+file path=usr/apache2/2.2/manual/logs.html.fr
file path=usr/apache2/2.2/manual/logs.html.ja.utf8
file path=usr/apache2/2.2/manual/logs.html.ko.euc-kr
file path=usr/apache2/2.2/manual/logs.html.tr.utf8
@@ -528,11 +529,14 @@
file path=usr/apache2/2.2/manual/mod/mod_proxy_connect.html.ja.utf8
file path=usr/apache2/2.2/manual/mod/mod_proxy_ftp.html
file path=usr/apache2/2.2/manual/mod/mod_proxy_ftp.html.en
+file path=usr/apache2/2.2/manual/mod/mod_proxy_ftp.html.ja.utf8
file path=usr/apache2/2.2/manual/mod/mod_proxy_http.html
file path=usr/apache2/2.2/manual/mod/mod_proxy_http.html.en
file path=usr/apache2/2.2/manual/mod/mod_proxy_http.html.fr
+file path=usr/apache2/2.2/manual/mod/mod_proxy_http.html.ja.utf8
file path=usr/apache2/2.2/manual/mod/mod_proxy_scgi.html
file path=usr/apache2/2.2/manual/mod/mod_proxy_scgi.html.en
+file path=usr/apache2/2.2/manual/mod/mod_proxy_scgi.html.ja.utf8
file path=usr/apache2/2.2/manual/mod/mod_reqtimeout.html
file path=usr/apache2/2.2/manual/mod/mod_reqtimeout.html.en
file path=usr/apache2/2.2/manual/mod/mod_rewrite.html
@@ -643,6 +647,7 @@
file path=usr/apache2/2.2/manual/new_features_2_2.html
file path=usr/apache2/2.2/manual/new_features_2_2.html.en
file path=usr/apache2/2.2/manual/new_features_2_2.html.fr
+file path=usr/apache2/2.2/manual/new_features_2_2.html.ja.utf8
file path=usr/apache2/2.2/manual/new_features_2_2.html.ko.euc-kr
file path=usr/apache2/2.2/manual/new_features_2_2.html.pt-br
file path=usr/apache2/2.2/manual/new_features_2_2.html.tr.utf8
@@ -710,6 +715,7 @@
file path=usr/apache2/2.2/manual/programs/index.html
file path=usr/apache2/2.2/manual/programs/index.html.en
file path=usr/apache2/2.2/manual/programs/index.html.es
+file path=usr/apache2/2.2/manual/programs/index.html.ja.utf8
file path=usr/apache2/2.2/manual/programs/index.html.ko.euc-kr
file path=usr/apache2/2.2/manual/programs/index.html.ru.koi8-r
file path=usr/apache2/2.2/manual/programs/index.html.tr.utf8
@@ -815,6 +821,7 @@
file path=usr/apache2/2.2/manual/upgrading.html.de
file path=usr/apache2/2.2/manual/upgrading.html.en
file path=usr/apache2/2.2/manual/upgrading.html.fr
+file path=usr/apache2/2.2/manual/upgrading.html.ja.utf8
file path=usr/apache2/2.2/manual/urlmapping.html
file path=usr/apache2/2.2/manual/urlmapping.html.en
file path=usr/apache2/2.2/manual/urlmapping.html.ja.utf8--- a/components/apache2/patches/CVE-2011-3348.patch Tue Mar 06 10:46:23 2012 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
- *) SECURITY: CVE-2011-3348 (cve.mitre.org)
- mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
- recognized. [Jean-Frederic Clere]
-
-http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1167158
-
---- modules/proxy/mod_proxy_ajp.c 2011/09/09 13:30:49 1167157
-+++ modules/proxy/mod_proxy_ajp.c 2011/09/09 13:31:06 1167158
[email protected]@ -214,7 +214,9 @@
- conn->worker->hostname);
- if (status == AJP_EOVERFLOW)
- return HTTP_BAD_REQUEST;
-- else {
-+ else if (status == AJP_EBAD_METHOD) {
-+ return HTTP_NOT_IMPLEMENTED;
-+ } else {
- /*
- * This is only non fatal when the method is idempotent. In this
- * case we can dare to retry it with a different worker if we are--- a/components/apache2/patches/CVE-2011-3368.patch Tue Mar 06 10:46:23 2012 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-
-SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
-reverse proxy configurations by strictly validating the request-URI.
-
-http://svn.apache.org/viewvc?rev=1179239&view=rev
-
---- server/protocol.c
-+++ server/protocol.c
[email protected]@ -640,6 +640,25 @@
-
- ap_parse_uri(r, uri);
-
-+ /* RFC 2616:
-+ * Request-URI = "*" | absoluteURI | abs_path | authority
-+ *
-+ * authority is a special case for CONNECT. If the request is not
-+ * using CONNECT, and the parsed URI does not have scheme, and
-+ * it does not begin with '/', and it is not '*', then, fail
-+ * and give a 400 response. */
-+ if (r->method_number != M_CONNECT
-+ && !r->parsed_uri.scheme
-+ && uri[0] != '/'
-+ && !(uri[0] == '*' && uri[1] == '\0')) {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+ "invalid request-URI %s", uri);
-+ r->args = NULL;
-+ r->hostname = NULL;
-+ r->status = HTTP_BAD_REQUEST;
-+ r->uri = apr_pstrdup(r->pool, uri);
-+ }
-+
- if (ll[0]) {
- r->assbackwards = 0;
- pro = ll;--- a/components/apache2/patches/r1165607.patch Tue Mar 06 10:46:23 2012 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,278 +0,0 @@
-Jeff Trawick <[email protected]>
-Subject [PATCH] byterange patch for 2.2.20
-Date Thu, 08 Sep 2011 15:16:11 GMT
-
-Here's what I have at present:
-http://people.apache.org/~trawick/2.2.20-byterange-fixes.txt
-
-(compiled-in max ranges, uses same AP_ symbol as 2.2.21 even though
-the compiled-in version isn't the same type of "DEFAULT")
-
---- modules/http/byterange_filter.c.orig 2011-09-08 11:03:54.000000000 -0400
-+++ modules/http/byterange_filter.c 2011-09-08 11:02:36.000000000 -0400
[email protected]@ -55,6 +55,10 @@
- #include <unistd.h>
- #endif
-
-+#ifndef AP_DEFAULT_MAX_RANGES
-+#define AP_DEFAULT_MAX_RANGES 200
-+#endif
-+
- static int ap_set_byterange(request_rec *r, apr_off_t clength,
- apr_array_header_t **indexes);
-
[email protected]@ -83,8 +87,6 @@
- apr_bucket *first = NULL, *last = NULL, *out_first = NULL, *e;
- apr_uint64_t pos = 0, off_first = 0, off_last = 0;
- apr_status_t rv;
-- const char *s;
-- apr_size_t len;
- apr_uint64_t start64, end64;
- apr_off_t pofft = 0;
-
[email protected]@ -136,44 +138,10 @@
- if (e == first) {
- if (off_first != start64) {
- rv = apr_bucket_split(copy, (apr_size_t)(start64 - off_first));
-- if (rv == APR_ENOTIMPL) {
-- rv = apr_bucket_read(copy, &s, &len, APR_BLOCK_READ);
-- if (rv != APR_SUCCESS) {
-- apr_brigade_cleanup(bbout);
-- return rv;
-- }
-- /*
-- * The read above might have morphed copy in a bucket
-- * of shorter length. So read and delete until we reached
-- * the correct bucket for splitting.
-- */
-- while (start64 - off_first > (apr_uint64_t)copy->length) {
-- apr_bucket *tmp = APR_BUCKET_NEXT(copy);
-- off_first += (apr_uint64_t)copy->length;
-- APR_BUCKET_REMOVE(copy);
-- apr_bucket_destroy(copy);
-- copy = tmp;
-- rv = apr_bucket_read(copy, &s, &len, APR_BLOCK_READ);
-- if (rv != APR_SUCCESS) {
-- apr_brigade_cleanup(bbout);
-- return rv;
-- }
-- }
-- if (start64 > off_first) {
-- rv = apr_bucket_split(copy, (apr_size_t)(start64 - off_first));
- if (rv != APR_SUCCESS) {
- apr_brigade_cleanup(bbout);
- return rv;
- }
-- }
-- else {
-- copy = APR_BUCKET_PREV(copy);
-- }
-- }
-- else if (rv != APR_SUCCESS) {
-- apr_brigade_cleanup(bbout);
-- return rv;
-- }
- out_first = APR_BUCKET_NEXT(copy);
- APR_BUCKET_REMOVE(copy);
- apr_bucket_destroy(copy);
[email protected]@ -189,38 +157,10 @@
- }
- if (end64 - off_last != (apr_uint64_t)e->length) {
- rv = apr_bucket_split(copy, (apr_size_t)(end64 + 1 - off_last));
-- if (rv == APR_ENOTIMPL) {
-- rv = apr_bucket_read(copy, &s, &len, APR_BLOCK_READ);
- if (rv != APR_SUCCESS) {
- apr_brigade_cleanup(bbout);
- return rv;
- }
-- /*
-- * The read above might have morphed copy in a bucket
-- * of shorter length. So read until we reached
-- * the correct bucket for splitting.
-- */
-- while (end64 + 1 - off_last > (apr_uint64_t)copy->length) {
-- off_last += (apr_uint64_t)copy->length;
-- copy = APR_BUCKET_NEXT(copy);
-- rv = apr_bucket_read(copy, &s, &len, APR_BLOCK_READ);
-- if (rv != APR_SUCCESS) {
-- apr_brigade_cleanup(bbout);
-- return rv;
-- }
-- }
-- if (end64 < off_last + (apr_uint64_t)copy->length - 1) {
-- rv = apr_bucket_split(copy, end64 + 1 - off_last);
-- if (rv != APR_SUCCESS) {
-- apr_brigade_cleanup(bbout);
-- return rv;
-- }
-- }
-- }
-- else if (rv != APR_SUCCESS) {
-- apr_brigade_cleanup(bbout);
-- return rv;
-- }
- copy = APR_BUCKET_NEXT(copy);
- if (copy != APR_BRIGADE_SENTINEL(bbout)) {
- APR_BUCKET_REMOVE(copy);
[email protected]@ -243,6 +183,20 @@
- apr_off_t end;
- } indexes_t;
-
-+static apr_status_t send_416(ap_filter_t *f, apr_bucket_brigade *tmpbb)
-+{
-+ apr_bucket *e;
-+ conn_rec *c = f->r->connection;
-+ ap_remove_output_filter(f);
-+ f->r->status = HTTP_OK;
-+ e = ap_bucket_error_create(HTTP_RANGE_NOT_SATISFIABLE, NULL,
-+ f->r->pool, c->bucket_alloc);
-+ APR_BRIGADE_INSERT_TAIL(tmpbb, e);
-+ e = apr_bucket_eos_create(c->bucket_alloc);
-+ APR_BRIGADE_INSERT_TAIL(tmpbb, e);
-+ return ap_pass_brigade(f->next, tmpbb);
-+}
-+
- AP_CORE_DECLARE_NONSTD(apr_status_t) ap_byterange_filter(ap_filter_t *f,
- apr_bucket_brigade *bb)
- {
[email protected]@ -290,17 +244,23 @@
- num_ranges = ap_set_byterange(r, clength, &indexes);
-
- /* We have nothing to do, get out of the way. */
-- if (num_ranges == 0) {
-+ if (num_ranges == 0 || (AP_DEFAULT_MAX_RANGES >= 0 && num_ranges > AP_DEFAULT_MAX_RANGES)) {
- r->status = original_status;
- ap_remove_output_filter(f);
- return ap_pass_brigade(f->next, bb);
- }
-
-+ /* this brigade holds what we will be sending */
-+ bsend = apr_brigade_create(r->pool, c->bucket_alloc);
-+
-+ if (num_ranges < 0)
-+ return send_416(f, bsend);
-+
- if (num_ranges > 1) {
- /* Is ap_make_content_type required here? */
- const char *orig_ct = ap_make_content_type(r, r->content_type);
- boundary = apr_psprintf(r->pool, "%" APR_UINT64_T_HEX_FMT "%lx",
-- (apr_uint64_t)r->request_time, (long) getpid());
-+ (apr_uint64_t)r->request_time, c->id);
-
- ap_set_content_type(r, apr_pstrcat(r->pool, "multipart",
- use_range_x(r) ? "/x-" : "/",
[email protected]@ -325,8 +285,6 @@
- ap_xlate_proto_to_ascii(bound_head, strlen(bound_head));
- }
-
-- /* this brigade holds what we will be sending */
-- bsend = apr_brigade_create(r->pool, c->bucket_alloc);
- tmpbb = apr_brigade_create(r->pool, c->bucket_alloc);
-
- idx = (indexes_t *)indexes->elts;
[email protected]@ -384,15 +342,8 @@
- }
-
- if (found == 0) {
-- ap_remove_output_filter(f);
-- r->status = HTTP_OK;
- /* bsend is assumed to be empty if we get here. */
-- e = ap_bucket_error_create(HTTP_RANGE_NOT_SATISFIABLE, NULL,
-- r->pool, c->bucket_alloc);
-- APR_BRIGADE_INSERT_TAIL(bsend, e);
-- e = apr_bucket_eos_create(c->bucket_alloc);
-- APR_BRIGADE_INSERT_TAIL(bsend, e);
-- return ap_pass_brigade(f->next, bsend);
-+ return send_416(f, bsend);
- }
-
- if (num_ranges > 1) {
[email protected]@ -424,7 +375,7 @@
- const char *match;
- const char *ct;
- char *cur;
-- int num_ranges = 0;
-+ int num_ranges = 0, unsatisfiable = 0;
- apr_off_t sum_lengths = 0;
- indexes_t *idx;
- int ranges = 1;
[email protected]@ -497,14 +448,25 @@
- char *errp;
- apr_off_t number, start, end;
-
-- if (!(dash = strchr(cur, '-'))) {
-+ if (!*cur)
- break;
-+
-+ /*
-+ * Per RFC 2616 14.35.1: If there is at least one syntactically invalid
-+ * byte-range-spec, we must ignore the whole header.
-+ */
-+
-+ if (!(dash = strchr(cur, '-'))) {
-+ return 0;
- }
-
-- if (dash == range) {
-+ if (dash == cur) {
- /* In the form "-5" */
- if (apr_strtoff(&number, dash+1, &errp, 10) || *errp) {
-- break;
-+ return 0;
-+ }
-+ if (number < 1) {
-+ return 0;
- }
- start = clength - number;
- end = clength - 1;
[email protected]@ -512,14 +474,17 @@
- else {
- *dash++ = '\0';
- if (apr_strtoff(&number, cur, &errp, 10) || *errp) {
-- break;
-+ return 0;
- }
- start = number;
- if (*dash) {
- if (apr_strtoff(&number, dash, &errp, 10) || *errp) {
-- break;
-+ return 0;
- }
- end = number;
-+ if (start > end) {
-+ return 0;
-+ }
- }
- else { /* "5-" */
- end = clength - 1;
[email protected]@ -529,15 +494,14 @@
- if (start < 0) {
- start = 0;
- }
-+ if (start >= clength) {
-+ unsatisfiable = 1;
-+ continue;
-+ }
- if (end >= clength) {
- end = clength - 1;
- }
-
-- if (start > end) {
-- /* ignore? count? */
-- break;
-- }
--
- idx = (indexes_t *)apr_array_push(*indexes);
- idx->start = start;
- idx->end = end;
[email protected]@ -546,6 +510,10 @@
- num_ranges++;
- }
-
-+ if (num_ranges == 0 && unsatisfiable) {
-+ /* If all ranges are unsatisfiable, we should return 416 */
-+ return -1;
-+ }
- if (sum_lengths >= clength) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
- "Sum of ranges not smaller than file, ignoring.");--- a/components/apache2/patches/ssl.conf.patch Tue Mar 06 10:46:23 2012 -0800
+++ b/components/apache2/patches/ssl.conf.patch Tue Mar 06 11:23:40 2012 -0800
@@ -1,6 +1,6 @@
---- docs/conf/extra/httpd-ssl.conf.in.orig Thu May 12 11:44:53 2011
-+++ docs/conf/extra/httpd-ssl.conf.in Thu May 12 11:46:45 2011
[email protected]@ -22,9 +22,10 @@
+--- docs/conf/extra/httpd-ssl.conf.in Wed Jan 4 12:10:40 2012
++++ docs/conf/extra/httpd-ssl.conf.in Mon Feb 27 07:09:48 2012
[email protected]@ -22,11 +22,16 @@
# Manual for more details.
#
#SSLRandomSeed startup file:/dev/random 512
@@ -9,11 +9,17 @@
#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
+SSLRandomSeed connect file:/dev/urandom 512
+
++#
++# Enable Solaris crypto framework
++#
+SSLCryptoDevice pkcs11
-
++
#
[email protected]@ -75,7 +76,7 @@
+ # When we also provide SSL we have to listen to the
+ # standard HTTP port (see above) and to the HTTPS port
[email protected]@ -75,7 +80,7 @@
# General setup for the virtual host
DocumentRoot "@[email protected]"
@@ -22,17 +28,3 @@
ServerAdmin [email protected]
ErrorLog "@[email protected]/error_log"
TransferLog "@[email protected]/access_log"
[email protected]@ -87,8 +88,12 @@
- # SSL Cipher Suite:
- # List the ciphers that the client is permitted to negotiate.
- # See the mod_ssl documentation for a complete list.
--SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-+# AES with keylengths > 128 bit is not supported by default on Solaris.
-+# To operate with AES256 you must install the SUNWcry and SUNWcryr
-+# packages from the Solaris 10 Data Encryption Kit.
-+SSLCipherSuite ALL:!ADH:!EXPORT56:-AES256-SHA:-DHE-RSA-AES256-SHA:-DHE-DSS-AES256-SHA:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-
-+
- # Server Certificate:
- # Point SSLCertificateFile at a PEM encoded certificate. If
- # the certificate is encrypted, then you will be prompted for a