authorSander Temme <sctemme@apache.org>2009-11-10 08:55:13 +0100
committerSander Temme <sctemme@apache.org>2009-11-10 08:55:13 +0100
commitb90aee19b928538389a34b25963ae59eebf7c4f5 (patch)
treed938e1eeb71768682480affaf0c5c851fb8020a2 /docs/conf/extra
parentmod_dav_fs: Include uri when logging a PUT error due to connection abort. (diff)
enable support for ECC keys and ECDH ciphers. Tested against
OpenSSL 1.0.0b3. [Vipul Gupta vipul.gupta sun.com, Sander Temme] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@834378 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/conf/extra')
-rw-r--r--docs/conf/extra/httpd-ssl.conf.in9
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index 4ce8426365..809ab827d4 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -81,6 +81,9 @@ SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
+# Recent OpenSSL snapshots include Elliptic Curve Cryptograhpy (ECC)
+# cipher suites (see RFC 4492) as part of "ALL". Edit this line
+# if you need to disable any of those ciphers.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Server Certificate:
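Review bot: With ECC suites now pulled in through `ALL`, the `!ADH` exclusion on the unchanged `SSLCipherSuite` line probably no longer removes every unauthenticated key exchange. In OpenSSL's cipher-string syntax `ADH` names anonymous Diffie-Hellman only, and the anonymous ECDH suites form a separate group, so they would stay negotiable and give no protection against an active man-in-the-middle. Replacing `!ADH` with `!aNULL` should cover both; at minimum the new comment should say that anonymous ECDH has to be excluded separately (worth confirming against the OpenSSL snapshot this was tested with). The added comment also misspells the term: `# Recent OpenSSL snapshots include Elliptic Curve Cryptography (ECC)`.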
@@ -90,16 +93,22 @@ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
+# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
+# require an ECC certificate which can also be configured in
+# parallel.
SSLCertificateFile "@exp_sysconfdir@/server.crt"
#SSLCertificateFile "@exp_sysconfdir@/server-dsa.crt"
+#SSLCertificateFile "@exp_sysconfdir@/server-ecc.crt"
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
+# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile "@exp_sysconfdir@/server.key"
#SSLCertificateKeyFile "@exp_sysconfdir@/server-dsa.key"
+#SSLCertificateKeyFile "@exp_sysconfdir@/server-ecc.key"
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the