Opened 10 years ago
Closed 10 years ago
#14 closed defect (fixed)
Allow for configuration of parameters globally
| Reported by: | Daniel Kahn Gillmor | Owned by: | Daniel Kahn Gillmor |
|---|---|---|---|
| Priority: | major | Component: | code |
| Version: | 5.10 | Keywords: | config |
| Cc: |
Description
imported from mantis, benbe wrote:
It'd be nice if you could configure some parts like Cipher Priority, Certificate Chain File (yeah, that one makes sense), maybe even default Certificate (if you've got a wildcard which can be used as fallback), GnuTLS-based Auth Params, ... in the global Apache Configuration and get those values as a default if they aren't present in the actual VHost configuration.
Additional Information Take this sample configuration:
GnuTLSCertChain /etc/ssl/all_my_certs_chain.pem GnuTLSCipherPriority NONE:!MD5:!ANON-DH:!SSLv3:!SECURE128:+CIPHER-ALL:+TLS-ALL:... NameVirtualHost 1.1.1.1:80 <VirtualHost 1.1.1.1:80> ServerName foo.com GnuTLS on GnuTLSKeyFile /etc/ssl/mycert1.key GnuTLSCertFile /etc/ssl/mycert1.pem </VirtualHost> <VirtualHost 1.1.1.1:80> ServerName bar.com GnuTLS on GnuTLSKeyFile /etc/ssl/mycert2.key GnuTLSCertFile /etc/ssl/mycert2.pem </VirtualHost>
Both VHosts should now be using the set priority string and send /etc/ssl/all_my_certs_chain.pem as their key chain (plus their actual certificate as the leaf).
Note: See
TracTickets for help on using
tickets.
this is fixed in trunk.