Changeset 70c2d86 in mod_gnutls for README


Ignore:
Timestamp:
Jan 11, 2013, 12:55:20 AM (7 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, upstream
Children:
3f5c713, ec06980
Parents:
3e94bd3
Message:

Imported Upstream version 0.3.4

File:
1 edited

Legend:

Unmodified
Added
Removed

  • README

    r3e94bd3 r70c2d86  
    2020----------------------------
    2121
    22 Author: Paul Querna <chip force-elite.com
     22Author: Paul Querna <chip force-elite.com>
     23
     24Heavily modified by Nikos Mavrogiannopoulos <nmav gnutls.org>
    2325
    2426License: Apache Software License v2.0. (see the LICENSE file for details)
     
    2628Current Status:
    2729- SSL and TLS connections with all popular browsers work!
    28 - Sets some enviromental vars for scripts
     30- Sets enviromental vars for scripts (compatible with mod_ssl vars)
    2931- Supports Memcached as a distributed SSL Session Cache
    3032- Supports DBM as a local SSL Session Cache
    31 
    32 Future Development:
    33 - Support for Server Name Indication (partial support is in, but disabled)
     33- Support for Server Name Indication
    3434- Support for Client Certificates
     35- Support for TLS-SRP
    3536
    3637Basic Configuration:
     
    5960    GnuTLSCertificateFile conf/server.cert
    6061</VirtualHost>
     62
     63
     64# a more advance configuration
     65GnuTLSCache dbm "/var/cache/www-tls-cache/cache"
     66GnuTLSCacheTimeout 500
     67GnuTLSProtocols TLS1.1 TLS1.0 SSL3.0
     68NameVirtualHost 1.2.3.4:443
     69
     70<VirtualHost 1.2.3.4:443>
     71        Servername server.com:443
     72        GnuTLSEnable on
     73        GnuTLSCiphers AES-128-CBC 3DES-CBC ARCFOUR-128
     74        GnuTLSKeyExchangeAlgorithms RSA DHE-RSA DHE-DSS SRP SRP-RSA SRP-DSS
     75        GnuTLSMACAlgorithms SHA1 MD5
     76        GnuTLSCompressionMethods NULL
     77# To export exactly the same environment variables as mod_ssl to CGI scripts.
     78        GNUTLSExportCertificates on
     79
     80        GnuTLSCertificateFile /etc/apache2/server-cert.pem
     81        GnuTLSKeyFile /etc/apache2/server-key.pem
     82
     83# To enable SRP you must have these files installed. Check the gnutls srptool.
     84        GnuTLSSRPPasswdFile /etc/apache2/tpasswd
     85        GnuTLSSRPPasswdConfFile /etc/apache2/tpasswd.conf
     86
     87# In order to verify client certificates. Other options to
     88# GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile
     89# contains the CAs to verify client certificates.
     90        GnuTLSClientVerify request
     91        GnuTLSClientCAFile ca.pem
     92        ...
     93</VirtualHost>
Note: See TracChangeset for help on using the changeset viewer.