On Thu, 25 Mar 2004 13:58:54 +0000, Joe Orton <[EMAIL PROTECTED]> wrote:
> Are those who can reproduce this segfault using a reverse proxy to an
> SSL backend (i.e. SSLProxyEngine on)?
Not in my case.
My entire SSL-related setup (expurgating sensitive info, of course :)
##################################################################
Listen 443
ServerName my_server_name
UseCanonicalName off
ContentDigest On
SSLPassPhraseDialog builtin
SSLSessionCache dbm:C:/path/to/ssl_cache
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<VirtualHost _default_:443>
ServerName my_server_name:443
ServerAlias my_other_server_name
DocumentRoot "C:/path/to/document/root"
SSLEngine On
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile "C:/path/to/my-server-cert.pem"
SSLCertificateKeyFile "C:/path/to/my-server-key.pem"
SSLCACertificateFile "C:/path/to/my-ca-cert.pem"
SSLVerifyClient require
SSLVerifyDepth 1
CustomLog "|c:/path/to/rotatelogs.exe c:/path/to/logs/ssl.log 86400" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b"
</VirtualHost>
<Location />
SSLRequireSSL
SSLOptions +StrictRequire +OptRenegotiate +FakeBasicAuth
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
...
</Location>
<Location /cgi>
SSLOptions +StdEnvVars
...
</Location>
##################################################################
Apache is listening only on port 443, i.e., only https:// access is
allowed.
Hope it helps,
/L/e/k/t/u