pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: apache crashing
David Brownlee wrote:
Does it work if you add the following to the the <VirtualHost>
SSLProtocol -all +SSLv3
and fail again if instead you use
SSLProtocol -all +TLSv1 +SSLv3
I don't have anything matching SSLProtocol, should I?
ROOT www:/usr/pkg/etc/httpd> grep -r SSLProtocol *
ROOT www:/usr/pkg/etc/httpd>
www:/usr/pkg> diff -u share/examples/httpd/extra/httpd-ssl.conf
etc/httpd/httpd-ssl.conf
--- share/examples/httpd/extra/httpd-ssl.conf 2010-02-02 13:26:37.000000000
+0200
+++ etc/httpd/httpd-ssl.conf 2008-10-17 20:41:06.000000000 +0300
@@ -87,7 +94,7 @@
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLCipherSuite HIGH
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
@@ -96,7 +103,7 @@
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
-SSLCertificateFile "/usr/pkg/etc/httpd/server.crt"
+SSLCertificateFile "/etc/openssl/certs/server.pem"
#SSLCertificateFile "/usr/pkg/etc/httpd/server-dsa.crt"
# Server Private Key:
@@ -104,7 +111,7 @@
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
-SSLCertificateKeyFile "/usr/pkg/etc/httpd/server.key"
+SSLCertificateKeyFile "/etc/openssl/private/server.key"
#SSLCertificateKeyFile "/usr/pkg/etc/httpd/server-dsa.key"
# Server Certificate Chain:
Martti
Home |
Main Index |
Thread Index |
Old Index