| @@ -0,0 +1,72 @@
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# These are the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see <URL:http://httpd.apache.org/docs-2.2/mod/mod_ssl.html>
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+
+# This global SSL configuration is ignored if
+# "SSL" is not defined, or if "NOSSL" is defined.
+<IfDefine SSL>
+<IfDefine !NOSSL>
+<IfModule mod_ssl.c>
+
+ #
+ # Some MIME-types for downloading Certificates and CRLs
+ #
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl .crl
+
+ # Pass Phrase Dialog:
+ # Configure the pass phrase gathering process.
+ # The filtering dialog program (`builtin' is a internal
+ # terminal dialog) has to provide the pass phrase on stdout.
+ SSLPassPhraseDialog builtin
+
+ # Inter-Process Session Cache:
+ # Configure the SSL Session Cache: First the mechanism
+ # to use and second the expiring timeout (in seconds).
+ # shm means the same as shmht.
+ # Note that on most platforms shared memory segments are not allowed to be on
+ # network-mounted drives, so in that case you need to use the dbm method.
+ #SSLSessionCache none
+ #SSLSessionCache dbm:/var/lib/apache2/ssl_scache
+ #SSLSessionCache shmht:/var/lib/apache2/ssl_scache(512000)
+ SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
+ SSLSessionCacheTimeout 600
+
+ # This configures the SSL engine's semaphore (aka. lock) which is
+ # used for mutual exclusion of operations which have to be done in a
+ # synchronized way between the pre-forked Apache server processes.
+ # "default" tells the SSL Module to pick the default locking
+ # implementation as determined by the platform and APR.
+ SSLMutex default
+
+ # Pseudo Random Number Generator (PRNG):
+ # Configure one or more sources to seed the PRNG of the
+ # SSL library. The seed data should be of good random quality.
+ # WARNING! On some platforms /dev/random blocks if not enough entropy
+ # is available. This means you then cannot use the /dev/random device
+ # because it would lead to very long connection times (as long as
+ # it requires to make more entropy available). But usually those
+ # platforms additionally provide a /dev/urandom device which doesn't
+ # block. So, if available, use this one instead. Read the mod_ssl User
+ # Manual for more details.
+ SSLRandomSeed startup builtin
+ SSLRandomSeed connect builtin
+ #SSLRandomSeed startup file:/dev/random 512
+ #SSLRandomSeed connect file:/dev/random 512
+ #SSLRandomSeed startup file:/dev/urandom 512
+ #SSLRandomSeed connect file:/dev/urandom 512
+
+</IfModule>
+</IfDefine>
+</IfDefine>
|
