diff options
author | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2013-01-03 07:42:01 +0000 |
---|---|---|
committer | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2013-01-03 07:42:01 +0000 |
commit | 4edb611792cbf0a3335631a181c15095e81e8afa (patch) | |
tree | 111cbec79d7b2861396fe886004f3be58635e99d /sca-cpp/trunk/modules/http/httpd-ssl-conf | |
parent | d7069b5a2e7859ab14c5a909d5e5fc6bc84b80cb (diff) |
Minor changes to server config scripts to get auth and session management to behave the same with or without a proxy.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1428194 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-ssl-conf | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index f99a10071c..3bd1dd63dc 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -68,6 +68,7 @@ SSLSessionCacheTimeout 300 Mutex "file:$root/logs" ssl-cache SSLRandomSeed startup builtin SSLRandomSeed connect builtin +SSLCompression Off # Listen on HTTPS port Listen $sslport @@ -165,7 +166,10 @@ UseCanonicalName Off # Enable SSL SSLEngine on -SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL +SSLProtocol ALL -SSLv2 +SSLHonorCipherOrder On +#SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4-SHA:AES128-SHA:HIGH:!MD5:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL +SSLCipherSuite ECDHE-RSA-RC4-SHA:RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SSLOptions +StrictRequire +OptRenegotiate +FakeBasicAuth @@ -188,9 +192,12 @@ ProxyRequests Off ProxyPreserveHost On ProxyStatus On SSLProxyEngine on -SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL +SSLProxyProtocol ALL -SSLv2 +#SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4-SHA:AES128-SHA:HIGH:!MD5:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL +SSLProxyCipherSuite ECDHE-RSA-RC4-SHA:RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL # Verify server certificates +SSLProxyCACertificateFile "$root/cert/cacert.pem" SSLProxyVerify require SSLProxyVerifyDepth 1 SSLProxyCheckPeerCN Off |