1d3e419a19
- mod_nss-cipherlist_update_for_tls12-doc.diff
  mod_nss-cipherlist_update_for_tls12.diff
  GCM mode and Camellia ciphers added to the supported ciphers list.
  The additional ciphers are:
    rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256
    rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
    ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
    ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
    ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  [bnc#863035]
- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566:
  If 'NSSVerifyClient none' is set in the server / vhost context
  (i.e. when server is configured to not request or require client
  certificate authentication on the initial connection), and client
  certificate authentication is expected to be required for a specific
  directory via 'NSSVerifyClient require' setting, mod_nss fails to
  properly require certificate authentication. Remote attacker can use
  this to access content of the restricted directories. [bnc#853039]
- glue documentation added to /etc/apache2/conf.d/mod_nss.conf:
  * simultaneous usage of mod_ssl and mod_nss
  * SNI concurrency
  * SUSE framework for apache configuration, Listen directive
  * module initialization
- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in or
  mod_nss.conf, respectively. This also leads to the removal of

OBS-URL: https://build.opensuse.org/request/show/222758
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/apache2-mod_nss?expand=0&rev=8
44 lines
1.5 KiB
Plaintext
# This is /etc/apache2/listen-nss.conf
#
# This file is read from /etc/apache2/conf.d/mod_nss.conf ,
# the starting point for all configuration of mod_nss.
#
# Please have a look at the top section of the file
# /etc/apache2/conf.d/mod_nss.conf for information and
# instructions about how to enable mod_nss.
#
#
# There are two conditions that have to be met for the Listen directive
# below to become active:
# a) The server define "SSL" is present; this means that the apache process
#    is launched with the commandline arguments "-D SSL".
# b) The nss apache module is loaded, which happens automatically if you add
#    the name of the module ("nss") to the variable APACHE_MODULES in
#    /etc/sysconfig/apache2
#
# An equivalent section for mod_ssl (openssl based support for SSL/TLS)
# is contained in the file /etc/apache2/listen.conf, with the dependency to
# the module "ssl" loaded ("<IfModule mod_ssl.c>").
#
# The difference between this file and listen.conf is that listen.conf is
# read (included) from apache's main configuration file /etc/apache2/httpd.conf,
# while _this_ file is included from /etc/apache2/conf.d/mod_nss.conf .

<IfDefine SSL>
    <IfDefine !NOSSL>
        # mod_ssl may be active and has triggered the Listen directive for 443.
        # In this case we refrain from doing a second Listen, as the
        # correspondence between the bound port and the VirtualHost does
        # not happen here anyway.
        <IfModule !mod_ssl.c>
            <IfModule mod_nss.c>

                Listen 443

            </IfModule>
        </IfModule>
    </IfDefine>
</IfDefine>
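The nested conditions above can be checked offline before a restart. The following is an added example, not part of the package or of mod_nss: a small evaluator for the `<IfDefine>`/`<IfModule>` nesting used in this file, reporting whether `Listen 443` is active for a given set of `-D` defines and loaded modules. The function name `active_directives` is hypothetical, the embedded config is a constructed copy of the directive block, and modules are matched only by source file name (e.g. `mod_nss.c`), as this file does.

```python
import re

# Constructed copy of the directive block from listen-nss.conf (comments omitted).
LISTEN_NSS_CONF = """\
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule !mod_ssl.c>
<IfModule mod_nss.c>
Listen 443
</IfModule>
</IfModule>
</IfDefine>
</IfDefine>
"""

_OPEN = re.compile(r"<(IfDefine|IfModule)\s+(!?)([^>\s]+)\s*>$", re.I)
_CLOSE = re.compile(r"</(IfDefine|IfModule)\s*>$", re.I)

def active_directives(conf, defines, modules):
    """Return the directives left active for the given -D defines and
    loaded module source names (assumption: names like "mod_nss.c")."""
    stack = []   # (section kind, whether its condition holds)
    active = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _OPEN.match(line)
        if m:
            kind, negate, name = m.group(1).lower(), m.group(2) == "!", m.group(3)
            present = name in (defines if kind == "ifdefine" else modules)
            stack.append((kind, present != negate))  # "!" inverts the test
            continue
        m = _CLOSE.match(line)
        if m:
            if not stack or stack[-1][0] != m.group(1).lower():
                raise ValueError(f"line {lineno}: unbalanced {line}")
            stack.pop()
            continue
        if all(ok for _, ok in stack):  # every enclosing section must hold
            active.append(line)
    if stack:
        raise ValueError("unclosed section at end of file")
    return active
```

An empty result with `mod_ssl.c` loaded is the intended outcome: per the comment in the file, the `Listen` for 443 then comes from /etc/apache2/listen.conf instead.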