From 414f3c531e06b8af6fc9ecad316b0b4a9b6116aa Mon Sep 17 00:00:00 2001 From: clyhtsuriva Date: Thu, 7 May 2020 08:51:36 +0200 Subject: useful only --- www/server-config/apache2/mods-available/ssl.conf | 85 ----------------------- 1 file changed, 85 deletions(-) delete mode 100644 www/server-config/apache2/mods-available/ssl.conf (limited to 'www/server-config/apache2/mods-available/ssl.conf') diff --git a/www/server-config/apache2/mods-available/ssl.conf b/www/server-config/apache2/mods-available/ssl.conf deleted file mode 100644 index 1dc4eea..0000000 --- a/www/server-config/apache2/mods-available/ssl.conf +++ /dev/null @@ -1,85 +0,0 @@ - - - # Pseudo Random Number Generator (PRNG): - # Configure one or more sources to seed the PRNG of the SSL library. - # The seed data should be of good random quality. - # WARNING! On some platforms /dev/random blocks if not enough entropy - # is available. This means you then cannot use the /dev/random device - # because it would lead to very long connection times (as long as - # it requires to make more entropy available). But usually those - # platforms additionally provide a /dev/urandom device which doesn't - # block. So, if available, use this one instead. Read the mod_ssl User - # Manual for more details. - # - SSLRandomSeed startup builtin - SSLRandomSeed startup file:/dev/urandom 512 - SSLRandomSeed connect builtin - SSLRandomSeed connect file:/dev/urandom 512 - - ## - ## SSL Global Context - ## - ## All SSL configuration in this context applies both to - ## the main server and all SSL-enabled virtual hosts. - ## - - # - # Some MIME-types for downloading Certificates and CRLs - # - AddType application/x-x509-ca-cert .crt - AddType application/x-pkcs7-crl .crl - - # Pass Phrase Dialog: - # Configure the pass phrase gathering process. - # The filtering dialog program (`builtin' is a internal - # terminal dialog) has to provide the pass phrase on stdout. - SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase - - # Inter-Process Session Cache: - # Configure the SSL Session Cache: First the mechanism - # to use and second the expiring timeout (in seconds). - # (The mechanism dbm has known memory leaks and should not be used). - #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache - SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) - SSLSessionCacheTimeout 300 - - # Semaphore: - # Configure the path to the mutual exclusion semaphore the - # SSL engine uses internally for inter-process synchronization. - # (Disabled by default, the global Mutex directive consolidates by default - # this) - #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache - - - # SSL Cipher Suite: - # List the ciphers that the client is permitted to negotiate. See the - # ciphers(1) man page from the openssl package for list of all available - # options. - # Enable only secure ciphers: - SSLCipherSuite HIGH:!aNULL - - # SSL server cipher order preference: - # Use server priorities for cipher algorithm choice. - # Clients may prefer lower grade encryption. You should enable this - # option if you want to enforce stronger encryption, and can afford - # the CPU cost, and did not override SSLCipherSuite in a way that puts - # insecure ciphers first. - # Default: Off - #SSLHonorCipherOrder on - - # The protocols to enable. - # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2 - # SSL v2 is no longer supported - SSLProtocol all -SSLv3 - - # Allow insecure renegotiation with clients which do not yet support the - # secure renegotiation protocol. Default: Off - #SSLInsecureRenegotiation on - - # Whether to forbid non-SNI clients to access name based virtual hosts. - # Default: Off - #SSLStrictSNIVHostCheck On - - - -# vim: syntax=apache ts=4 sw=4 sts=4 sr noet -- cgit v1.2.3