apache2-mod_nss/listen_nss.conf
Wolfgang Rosenauer 1d3e419a19 Accepting request 222758 from home:draht:branches:mozilla:Factory
- mod_nss-cipherlist_update_for_tls12-doc.diff
  mod_nss-cipherlist_update_for_tls12.diff
  GCM mode and Camellia ciphers added to the supported ciphers list.
  The additional ciphers are: 
  rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256
  rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
  rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
  ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  [bnc#863035]

- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566:
  If 'NSSVerifyClient none' is set in the server / vhost context
  (i.e. when server is configured to not request or require client
  certificate authentication on the initial connection), and client
  certificate authentication is expected to be required for a 
  specific directory via 'NSSVerifyClient require' setting, 
  mod_nss fails to properly require certificate authentication.
  Remote attacker can use this to access content of the restricted
  directories. [bnc#853039]

- glue documentation added to /etc/apache2/conf.d/mod_nss.conf:
  * simultaneaous usage of mod_ssl and mod_nss
  * SNI concurrency
  * SUSE framework for apache configuration, Listen directive
  * module initialization
- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in
  or mod_nss.conf, respectively. This also leads to the removal of

OBS-URL: https://build.opensuse.org/request/show/222758
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/apache2-mod_nss?expand=0&rev=8
2014-02-20 21:12:44 +00:00

44 lines
1.5 KiB
Plaintext

# This is /etc/apache2/listen-nss.conf
#
# This file is read from /etc/apache2/conf.d/mod_nss.conf ,
# the starting point for all configuration of mod_nss.
#
# Please have a look at the top section of the file
# /etc/apache2/conf.d/mod_nss.conf for information and
# instructions about how to enable mod_nss.
#
#
# There are two conditions that have to be met for the Listen directive
# below to become active:
# a) The server define "SSL" is present; this means that the apache process
# is launched with the commandline arguments "-D SSL".
# b) The nss apache module is loaded, which happens automatically if you add
# the name of the module ("nss") to the variable APACHE_MODULES in
# /etc/sysconfig/apache2
#
# An equivalent section for mod_ssl (openssl based support for SSL/TLS)
# is contained in the file /etc/apache2/listen.conf, with the dependency to
# the module "ssl" loaded ("<IfModule mod_ssl.c>").
#
# The difference between this file and listen.conf is that listen.conf is
# read (included) from apache's main configuration file /etc/apache2/httpd.conf,
# while _this_ file is included from /etc/apache2/conf.d/mod_nss.conf .
<IfDefine SSL>
<IfDefine !NOSSL>
# mod_ssl may be active and has triggered the Listen directive for 443.
# In this case we refrain from doing a second Listen, as the
# correspondance between the bound port and the VirtualHost does
# not happen here anyway.
<IfModule !mod_ssl.c>
<IfModule mod_nss.c>
Listen 443
</IfModule>
</IfModule>
</IfDefine>
</IfDefine>