- Timestamp:
- Jan 11, 2013, 12:55:20 AM (8 years ago)
- Branches:
- debian/master, debian/stretch-backports, jessie-backports, upstream
- Children:
- 3f5c713, ec06980
- Parents:
- 3e94bd3
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
README
r3e94bd3 r70c2d86 20 20 ---------------------------- 21 21 22 Author: Paul Querna <chip force-elite.com 22 Author: Paul Querna <chip force-elite.com> 23 24 Heavily modified by Nikos Mavrogiannopoulos <nmav gnutls.org> 23 25 24 26 License: Apache Software License v2.0. (see the LICENSE file for details) … … 26 28 Current Status: 27 29 - SSL and TLS connections with all popular browsers work! 28 - Sets some enviromental vars for scripts30 - Sets enviromental vars for scripts (compatible with mod_ssl vars) 29 31 - Supports Memcached as a distributed SSL Session Cache 30 32 - Supports DBM as a local SSL Session Cache 31 32 Future Development: 33 - Support for Server Name Indication (partial support is in, but disabled) 33 - Support for Server Name Indication 34 34 - Support for Client Certificates 35 - Support for TLS-SRP 35 36 36 37 Basic Configuration: … … 59 60 GnuTLSCertificateFile conf/server.cert 60 61 </VirtualHost> 62 63 64 # a more advance configuration 65 GnuTLSCache dbm "/var/cache/www-tls-cache/cache" 66 GnuTLSCacheTimeout 500 67 GnuTLSProtocols TLS1.1 TLS1.0 SSL3.0 68 NameVirtualHost 1.2.3.4:443 69 70 <VirtualHost 1.2.3.4:443> 71 Servername server.com:443 72 GnuTLSEnable on 73 GnuTLSCiphers AES-128-CBC 3DES-CBC ARCFOUR-128 74 GnuTLSKeyExchangeAlgorithms RSA DHE-RSA DHE-DSS SRP SRP-RSA SRP-DSS 75 GnuTLSMACAlgorithms SHA1 MD5 76 GnuTLSCompressionMethods NULL 77 # To export exactly the same environment variables as mod_ssl to CGI scripts. 78 GNUTLSExportCertificates on 79 80 GnuTLSCertificateFile /etc/apache2/server-cert.pem 81 GnuTLSKeyFile /etc/apache2/server-key.pem 82 83 # To enable SRP you must have these files installed. Check the gnutls srptool. 84 GnuTLSSRPPasswdFile /etc/apache2/tpasswd 85 GnuTLSSRPPasswdConfFile /etc/apache2/tpasswd.conf 86 87 # In order to verify client certificates. Other options to 88 # GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile 89 # contains the CAs to verify client certificates. 90 GnuTLSClientVerify request 91 GnuTLSClientCAFile ca.pem 92 ... 93 </VirtualHost>
Note: See TracChangeset
for help on using the changeset viewer.