httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juanma Barranquero <le...@mi.madritel.es>
Subject Re: [PATCH ?] RE: SEGV in allocator_free
Date Thu, 25 Mar 2004 23:07:12 GMT
On Thu, 25 Mar 2004 13:58:54 +0000, Joe Orton <jorton@redhat.com> wrote:

> Are those who can reproduce this segfault using a reverse proxy to an
> SSL backend (i.e. SSLProxyEngine on)?

Not in my case.

My entire SSL-related setup (expurging sensitive info, of course :)

##################################################################

Listen 443

ServerName my_server_name
UseCanonicalName off
ContentDigest On

SSLPassPhraseDialog builtin
SSLSessionCache dbm:C:/path/to/ssl_cache
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

<VirtualHost _default_:443>

    ServerName my_server_name:443
    ServerAlias my_other_server_name

    DocumentRoot "C:/path/to/document/root"

    SSLEngine On
    SSLProtocol -all +TLSv1 +SSLv3
    SSLCipherSuite HIGH:MEDIUM

    SSLCertificateFile "C:/path/to/my-server-cert.pem"
    SSLCertificateKeyFile "C:/path/to/my-server-key.pem"
    SSLCACertificateFile "C:/path/to/my-ca-cert.pem"

    SSLVerifyClient require
    SSLVerifyDepth  1

    CustomLog "|c:/path/to/rotatelogs.exe c:/path/to/logs/ssl.log 86400" \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b"

</VirtualHost>

<Location />
    SSLRequireSSL
    SSLOptions +StrictRequire +OptRenegotiate +FakeBasicAuth
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    ...
</Location>

<Location /cgi>
    SSLOptions +StdEnvVars
    ...
</Location>

##################################################################

Apache is listening only on port 443, i.e., only https:// access is
allowed.

Hope it helps,

                                                           /L/e/k/t/u


Mime
View raw message