From 4edb611792cbf0a3335631a181c15095e81e8afa Mon Sep 17 00:00:00 2001
From: jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>
Date: Thu, 3 Jan 2013 07:42:01 +0000
Subject: Minor changes to server config scripts to get auth and session
 management to behave the same with or without a proxy.

git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1428194 13f79535-47bb-0310-9956-ffa450edef68
---
 sca-cpp/trunk/modules/http/httpd-ssl-conf | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'sca-cpp/trunk/modules/http/httpd-ssl-conf')

diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index f99a10071c..3bd1dd63dc 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -68,6 +68,7 @@ SSLSessionCacheTimeout 300
 Mutex "file:$root/logs" ssl-cache
 SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
+SSLCompression Off
 
 # Listen on HTTPS port
 Listen $sslport
@@ -165,7 +166,10 @@ UseCanonicalName Off
 
 # Enable SSL
 SSLEngine on
-SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLProtocol ALL -SSLv2
+SSLHonorCipherOrder On
+#SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4-SHA:AES128-SHA:HIGH:!MD5:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
+SSLCipherSuite ECDHE-RSA-RC4-SHA:RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
 BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
 SSLOptions +StrictRequire +OptRenegotiate +FakeBasicAuth
 
@@ -188,9 +192,12 @@ ProxyRequests Off
 ProxyPreserveHost On
 ProxyStatus On
 SSLProxyEngine on
-SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLProxyProtocol ALL -SSLv2
+#SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4-SHA:AES128-SHA:HIGH:!MD5:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
+SSLProxyCipherSuite ECDHE-RSA-RC4-SHA:RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
 
 # Verify server certificates
+SSLProxyCACertificateFile "$root/cert/cacert.pem"
 SSLProxyVerify require
 SSLProxyVerifyDepth 1
 SSLProxyCheckPeerCN Off
-- 
cgit v1.2.3