apache2 2.4.7-1ubuntu4 / etc / apache2 / mods-available / ssl.conf

This file is indexed.

/etc/apache2/mods-available/ssl.conf is in apache2 2.4.7-1ubuntu4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
<IfModule mod_ssl.c>

	# Pseudo Random Number Generator (PRNG):
	# Configure one or more sources to seed the PRNG of the SSL library.
	# The seed data should be of good random quality.
	# WARNING! On some platforms /dev/random blocks if not enough entropy
	# is available. This means you then cannot use the /dev/random device
	# because it would lead to very long connection times (as long as
	# it requires to make more entropy available). But usually those
	# platforms additionally provide a /dev/urandom device which doesn't
	# block. So, if available, use this one instead. Read the mod_ssl User
	# Manual for more details.
	#
	SSLRandomSeed startup builtin
	SSLRandomSeed startup file:/dev/urandom 512
	SSLRandomSeed connect builtin
	SSLRandomSeed connect file:/dev/urandom 512

	##
	##  SSL Global Context
	##
	##  All SSL configuration in this context applies both to
	##  the main server and all SSL-enabled virtual hosts.
	##

	#
	#   Some MIME-types for downloading Certificates and CRLs
	#
	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl	.crl

	#   Pass Phrase Dialog:
	#   Configure the pass phrase gathering process.
	#   The filtering dialog program (`builtin' is a internal
	#   terminal dialog) has to provide the pass phrase on stdout.
	SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase

	#   Inter-Process Session Cache:
	#   Configure the SSL Session Cache: First the mechanism 
	#   to use and second the expiring timeout (in seconds).
	#   (The mechanism dbm has known memory leaks and should not be used).
	#SSLSessionCache		 dbm:${APACHE_RUN_DIR}/ssl_scache
	SSLSessionCache		shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
	SSLSessionCacheTimeout  300

	#   Semaphore:
	#   Configure the path to the mutual exclusion semaphore the
	#   SSL engine uses internally for inter-process synchronization. 
	#   (Disabled by default, the global Mutex directive consolidates by default
	#   this)
	#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache


	#   SSL Cipher Suite:
	#   List the ciphers that the client is permitted to negotiate. See the
	#   ciphers(1) man page from the openssl package for list of all available
	#   options.
	#   Enable only secure ciphers:
	SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

	#   Speed-optimized SSL Cipher configuration:
	#   If speed is your main concern (on busy HTTPS servers e.g.),
	#   you might want to force clients to specific, performance
	#   optimized ciphers. In this case, prepend those ciphers
	#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
	#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
	#   (as in the example below), most connections will no longer
	#   have perfect forward secrecy - if the server's key is
	#   compromised, captures of past or future traffic must be
	#   considered compromised, too.
	#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
	#SSLHonorCipherOrder on

	#   The protocols to enable.
	#   Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
	#   SSL v2  is no longer supported
	SSLProtocol all

	#   Allow insecure renegotiation with clients which do not yet support the
	#   secure renegotiation protocol. Default: Off
	#SSLInsecureRenegotiation on

	#   Whether to forbid non-SNI clients to access name based virtual hosts.
	#   Default: Off
	#SSLStrictSNIVHostCheck On

</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

APT Browse - Built by Thomas Orozco.