Accepting request 644712 from home:adkorte:branches:Apache
- the "event" MPM is fully supported since 2.4 - configure an OCSP stapling cache by default (still requires enabling SSLUseStapling in vhost) OBS-URL: https://build.opensuse.org/request/show/644712 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=572
parent
cb4ffad5b8
commit
e86bea8079
@ -46,12 +46,27 @@
|
||||
#SSLSessionCache dbm:/var/lib/apache2/ssl_scache
|
||||
#</IfModule>
|
||||
|
||||
<IfModule mod_socache_shmcb.c>
|
||||
<IfModule mod_socache_shmcb.c>
|
||||
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
SSLSessionCacheTimeout 300
|
||||
|
||||
# Configures the cache used to store OCSP responses which get included in
|
||||
# the TLS handshake if SSLUseStapling is enabled. Configuration of a cache
|
||||
# is mandatory for OCSP stapling. With the exception of none and nonenotnull,
|
||||
# the same storage types are supported as with SSLSessionCache.
|
||||
#<IfModule mod_socache_dbm.c>
|
||||
#SSLStaplingCache dbm:/var/lib/apache2/ssl_stapling
|
||||
#</IfModule>
|
||||
|
||||
<IfModule mod_socache_shmcb.c>
|
||||
SSLStaplingCache shmcb:/var/lib/apache2/ssl_stapling(64000)
|
||||
</IfModule>
|
||||
|
||||
SSLStaplingStandardCacheTimeout 86400
|
||||
SSLStaplingErrorCacheTimeout 300
|
||||
SSLStaplingReturnResponderErrors Off
|
||||
|
||||
# Pseudo Random Number Generator (PRNG):
|
||||
# Configure one or more sources to seed the PRNG of the
|
||||
@ -72,13 +87,13 @@
|
||||
|
||||
# SSL protocols
|
||||
# Allow TLS version 1.2 only, which is a recommended default these days
|
||||
# by international information security standards.
|
||||
# by international information security standards.
|
||||
SSLProtocol TLSv1.2
|
||||
|
||||
# SSL Cipher Suite:
|
||||
# List the ciphers that the client is permitted to negotiate.
|
||||
# See the mod_ssl documentation for a complete list.
|
||||
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
|
||||
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
|
||||
|
||||
# SSLHonorCipherOrder
|
||||
# If SSLHonorCipherOrder is disabled, then the client's preferences
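Review bot: `SSLStaplingStandardCacheTimeout 86400` in the first hunk keeps a fetched "good" OCSP response in the stapling cache for a full day, against mod_ssl's documented default of 3600. After a certificate is revoked, the server can therefore presumably keep stapling the stale "good" status for up to 24 hours. If the longer value is meant to ride out responder outages, the comment block above the directives should say so, e.g. `# Valid responses are cached for 24h to tolerate responder outages; a revocation may take that long to appear in stapled responses.` The new cache is also defined only inside `<IfModule mod_socache_shmcb.c>` with the dbm alternative commented out, so a host without that module ends up with no stapling cache at all.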
|
||||
|
@ -35,6 +35,10 @@
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# OCSP Stapling:
|
||||
# Enable/Disable OCSP for this virtual host.
|
||||
SSLUseStapling on
|
||||
|
||||
# You can use per vhost certificates if SNI is supported.
|
||||
SSLCertificateFile /etc/apache2/ssl.crt/vhost-example.crt
|
||||
SSLCertificateKeyFile /etc/apache2/ssl.key/vhost-example.key
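Review bot: The template now sets `SSLUseStapling on` without stating what it depends on. The comment added to the global SSL configuration in this commit says a stapling cache is mandatory, and that cache is only set inside `<IfModule mod_socache_shmcb.c>`. A vhost copied from this template on a host without that module would presumably fail the configuration check, and the server also needs outbound access to the CA's OCSP responder for stapling to work. The added comment says "OCSP" where it means OCSP stapling; I would write `# Enable/Disable OCSP stapling for this virtual host (requires SSLStaplingCache in the global SSL configuration).` The vhost block continues outside the hunk.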
|
||||
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 25 17:28:42 UTC 2018 - Arjen de Korte <suse+build@de-korte.org>
|
||||
|
||||
- the "event" MPM is fully supported since 2.4
|
||||
- configure an OCSP stapling cache by default (still requires enabling
|
||||
SSLUseStapling in vhost)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 18 20:41:02 UTC 2018 - Manu Maier <mmanu84@outlook.de>
|
||||
|
||||
|
@ -264,8 +264,7 @@ maximum stability because each server runs in its own process. If a
|
||||
process dies it will not affect other servers.
|
||||
|
||||
%description event
|
||||
The event MPM (multi-Processing Module) is experimental, so it may or
|
||||
may not work as expected.
|
||||
"event" MPM (multi-Processing Module)
|
||||
|
||||
It uses a separate thread to handle Keep Alive requests and accepting
|
||||
connections. Keep Alive requests have traditionally required httpd to
|
||||
|