httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ic...@apache.org
Subject svn commit: r1817380 - /httpd/test/mod_h2/trunk/conf/httpd.conf
Date Thu, 07 Dec 2017 15:09:45 GMT
Author: icing
Date: Thu Dec  7 15:09:45 2017
New Revision: 1817380

URL: http://svn.apache.org/viewvc?rev=1817380&view=rev
Log:
use SSLPolicy when available

Modified:
    httpd/test/mod_h2/trunk/conf/httpd.conf

Modified: httpd/test/mod_h2/trunk/conf/httpd.conf
URL: http://svn.apache.org/viewvc/httpd/test/mod_h2/trunk/conf/httpd.conf?rev=1817380&r1=1817379&r2=1817380&view=diff
==============================================================================
--- httpd/test/mod_h2/trunk/conf/httpd.conf (original)
+++ httpd/test/mod_h2/trunk/conf/httpd.conf Thu Dec  7 15:09:45 2017
@@ -161,26 +161,42 @@ DocumentRoot "SUBST_SERVER_ROOT_SUBST/ht
 
     Listen SUBST_PORT_HTTPS_SUBST
 
-    SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
-    SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-    SSLHonorCipherOrder     on
-    SSLCompression          off
-    SSLSessionTickets       off
-
-    SSLPassPhraseDialog  builtin
-    SSLSessionCache        "shmcb:logs/ssl_scache(512000)"
-    SSLSessionCacheTimeout  300
+    <IfVersion >= 2.5.0>
+      SSLPolicy modern
+      # disable proxy cert verification in this test setup
+      SSLProxyVerify none
     
-    # OCSP Stapling, only in httpd 2.3.3 and later
-    SSLUseStapling          on
-    SSLStaplingResponderTimeout 5
-    SSLStaplingReturnResponderErrors off
-    SSLStaplingCache        shmcb:logs/ssl_stapling(32768)
+      <SSLPolicyDefine GoodStapling>
+        SSLUseStapling          on
+        SSLStaplingResponderTimeout 5
+        SSLStaplingReturnResponderErrors off
+      </SSLPolicyDefine>
+      SSLPolicy GoodStapling
+
+    </IfVersion>
+    <IfVersion < 2.5.0>
+      SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+      SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+      SSLHonorCipherOrder     on
+      SSLCompression          off
+      SSLSessionTickets       off
+
+      SSLPassPhraseDialog  builtin
+      SSLSessionCache        "shmcb:logs/ssl_scache(512000)"
+      SSLSessionCacheTimeout  300
+    
+      SSLProxyProtocol        all -SSLv3 -TLSv1 -TLSv1.1
+      # don't do this at home, kids
+      SSLProxyVerify none
+      SSLProxyCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
   
+
+      # OCSP Stapling, only in httpd 2.3.3 and later
+      SSLUseStapling          on
+      SSLStaplingResponderTimeout 5
+      SSLStaplingReturnResponderErrors off
+    </IfVersion>
 
-    SSLProxyProtocol        all -SSLv3 -TLSv1 -TLSv1.1
-    # don't do this at home, kids
-    SSLProxyVerify none
-    SSLProxyCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
   
+    SSLStaplingCache        shmcb:logs/ssl_stapling(32768)
 
 </IfModule>
 



Mime
View raw message