source: mod_gnutls/test/tests/23_TLS_reverse_proxy_mismatched_priorities/apache.conf @ e5546be

proxy-ticket
Last change on this file since e5546be was c33ef88, checked in by Fiona Klute <fiona.klute@…>, 2 years ago

Test suite: Use ciphers, not protocol versions for priority mismatch test

This works around a bug in GnuTLS 3.6.4 (gnutls_priority_set in post
client hello function breaks handshake for clients with TLS versions
before TLS 1.3), see https://gitlab.com/gnutls/gnutls/issues/580

  • Property mode set to 100644
File size: 534 bytes
Line 
1Include ${srcdir}/base_apache.conf
2Include ${srcdir}/proxy_mods.conf
3
4GnuTLSCache ${DEFAULT_CACHE}
5
6<VirtualHost _default_:${TEST_PORT}>
7 ServerName ${TEST_HOST}
8 GnuTLSEnable On
9 GnuTLSCertificateFile server/x509.pem
10 GnuTLSKeyFile server/secret.key
11 GnuTLSPriorities NORMAL
12
13 GnuTLSProxyEngine      On
14 GnuTLSProxyCAFile      authority/x509.pem
15 GnuTLSProxyPriorities  NORMAL:-CIPHER-ALL:+AES-256-GCM
16 ProxyPass /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
17 ProxyPassReverse /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
18</VirtualHost>
Note: See TracBrowser for help on using the repository browser.