#1 2014-03-18 10:16:07

freaks
Member
Registered: 2010-11-10
Posts: 63

Apache 2.4 problem with SSL

Hello,
I have updated my configuration to Apache 2.4; I replaced my httpd.conf with the pacnew one. I use mod_mpm_prefork.so.
I can access regular websites (http) and PHP is OK.
Nevertheless, I have a handshake error when I try to access an https website.

This is my ssl.conf:

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/var/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout  300
Mutex sysvsem default

My website in https:

<VirtualHost *:443>
   ServerName myadmin.com:443
   ServerAdmin hostmaster@myadmin.com
   ServerSignature Off

   SSLEngine on
   SSLOptions +StrictRequire
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
   SSLCACertificateFile /data/system/etc/httpd/ssl/ca.crt
   SSLCertificateFile /data/system/etc/httpd/ssl/hostadmin.myadmin.com.crt
   SSLCertificateKeyFile /data/system/etc/httpd/ssl/hostadmin.myadmin.com.key
   BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
   <Location />
      SSLRequireSSL
      SSLVerifyClient require
      SSLRenegBufferSize 524288000
   </Location>

   DocumentRoot "/data/www_ssl/hostadmin/_www"

   ErrorLog "/data/www_ssl/hostadmin/logs/error.log"
   TransferLog "/data/www_ssl/hostadmin/logs/access.log"
   CustomLog "/data/www_ssl/hostadmin/logs/access_ssl.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

   <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars +ExportCertData
   </FilesMatch>

   <Directory "/data/www_ssl/hostadmin/_www">
      DirectoryIndex index.php index.html index.htm
      Options ExecCGI Indexes FollowSymLinks MultiViews
      AllowOverride All
      Require all granted
   </Directory>

   Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"
   <Directory "/usr/share/webapps/phpMyAdmin">
      AllowOverride None
      Options FollowSymlinks
      Require all granted
   </Directory>



</VirtualHost>

If somebody can give me an example of ssl.conf

Thanks for your help

Last edited by freaks (2014-03-18 10:37:02)


#2 2014-03-19 04:04:27

prelog
Member
Registered: 2012-09-08
Posts: 7

Re: Apache 2.4 problem with SSL

freaks wrote:

if somebody can give me an example of ssl.conf

Hi freaks; you can find an example SSL configuration file here on your system:

/etc/httpd/conf/extra/httpd-ssl.conf

It’s full of comments describing what the different options are.

Apache’s documentation on SSL is full of good stuff, including a howto.

As far as selecting ciphers goes, you could do worse than following Qualys’ advice on the subject.

Paul

Last edited by prelog (2014-03-19 04:05:40)
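
An added example, not part of either post: a Python check that reads the SSLCipherSuite value from the first post according to the OpenSSL cipher-list operators (no prefix adds, `+` only moves suites to the end, `-` removes, `!` removes permanently, `ALL` excludes eNULL). The function name and the watched classes are assumptions of this example; it models keyword classes rather than individual suites, so `openssl ciphers -v` stays the authoritative expansion.

```python
import re

# SSLCipherSuite value copied from the first post.
POSTED = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"

# Assumption of this example: the classes to watch. EXP/EXPORT and
# NULL/eNULL are aliases in the OpenSSL cipher-list format.
ALIASES = {"EXP": "EXPORT", "NULL": "eNULL"}
WEAK = {"aNULL", "eNULL", "EXPORT", "LOW", "RC4"}


def audit_cipher_string(spec):
    """Return (weak classes added and never removed as a whole,
    tokens that name a weak class but only reorder)."""
    enabled, killed, reorder_only = set(), set(), []
    for token in re.split(r"[:, ]+", spec.strip()):
        if not token or token.startswith("@"):
            continue  # @STRENGTH and friends sort the list, nothing more
        op = token[0] if token[0] in "+-!" else ""
        parts = [ALIASES.get(p, p) for p in token[len(op):].split("+")]
        weak = WEAK.intersection(parts)
        if op == "+":
            # '+' moves suites already in the list to the end; adds none
            if weak:
                reorder_only.append(token)
        elif op:
            # '-' and '!' remove; a subset keyword (ADH, EXPORT56) or an
            # A+B intersection leaves the rest of the class in place
            if len(parts) == 1:
                enabled -= weak
                if op == "!":
                    killed |= weak  # '!' also blocks later re-adding
        elif parts == ["ALL"]:
            enabled |= (WEAK - {"eNULL"}) - killed  # ALL excludes eNULL
        else:
            enabled |= weak - killed
    return sorted(enabled), reorder_only


if __name__ == "__main__":
    enabled, reorder_only = audit_cipher_string(POSTED)
    print("weak classes still in the list:", enabled)
    print("tokens that only reorder:", reorder_only)
```

For the posted value, the weak classes come in through `ALL`, while `+LOW`, `+EXP` and `+eNULL` change ordering only; removing a class takes a `!` on the class keyword itself.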
