diff options
| author | Philip M. Gollucci <pgollucci@FreeBSD.org> | 2012-01-23 23:24:38 +0000 |
|---|---|---|
| committer | Philip M. Gollucci <pgollucci@FreeBSD.org> | 2012-01-23 23:24:38 +0000 |
| commit | bccdbf238782ec66b4820ebe3f16d774c614ce3f (patch) | |
| tree | a96e1751e48e8d1537f65f7820ccedb695ea57b1 /www/apache22 | |
| parent | 5cc7b0075eb11cc674da3ef1a78bcde7a900ce37 (diff) | |
| download | ports-bccdbf238782ec66b4820ebe3f16d774c614ce3f.tar.gz ports-bccdbf238782ec66b4820ebe3f16d774c614ce3f.zip | |
Notes
Diffstat (limited to 'www/apache22')
| -rw-r--r-- | www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in | 30 |
1 files changed, 23 insertions, 7 deletions
diff --git a/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in b/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in index 78529785a8c9..3adaedb412e7 100644 --- a/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in +++ b/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in @@ -1,6 +1,15 @@ ---- ./docs/conf/extra/httpd-ssl.conf.in.orig 2012-01-18 03:31:51.970548706 +0000 -+++ ./docs/conf/extra/httpd-ssl.conf.in 2012-01-18 03:32:22.100547808 +0000 -@@ -84,11 +84,29 @@ +--- ./docs/conf/extra/httpd-ssl.conf.in.orig 2008-02-04 23:00:07.000000000 +0000 ++++ ./docs/conf/extra/httpd-ssl.conf.in 2012-01-23 23:20:06.446390870 +0000 +@@ -77,17 +77,35 @@ + DocumentRoot "@exp_htdocsdir@" + ServerName www.example.com:@@SSLPort@@ + ServerAdmin you@example.com +-ErrorLog "@exp_logfiledir@/error_log" +-TransferLog "@exp_logfiledir@/access_log" ++ErrorLog "@exp_logfiledir@/httpd-error.log" ++TransferLog "@exp_logfiledir@/httpd-access.log" + + # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on @@ -14,7 +23,7 @@ # See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL +SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 - ++ +# Speed-optimized SSL Cipher configuration: +# If speed is your main concern (on busy HTTPS servers e.g.), +# you might want to force clients to specific, performance @@ -27,11 +36,10 @@ +# considered compromised, too. +#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 +#SSLHonorCipherOrder on -+ + # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If - # the certificate is encrypted, then you will be prompted for a -@@ -218,7 +236,7 @@ +@@ -218,14 +236,14 @@ # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. @@ -40,3 +48,11 @@ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 + # Per-Server Logging: + # The home of a custom SSL log file. Use this when you want a + # compact non-error SSL logfile on a virtual host basis. +-CustomLog "@exp_logfiledir@/ssl_request_log" \ ++CustomLog "@exp_logfiledir@/httpd-ssl_request.log" \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + </VirtualHost> |