Posted to users@httpd.apache.org by Benjamin Dreux <dr...@uqam.ca> on 2012/12/21 00:41:21 UTC

[users@httpd] Https miss configuration

I think I've got a problem with my configuration.
I've noticed some delay in my https site.

Normally keepalive is on, but sometimes the connection is dropped, and
the handshake is made again.
Do you see an error in my conf file?

Here is my site conf
<IfModule mod_ssl.c>
  # Enable the cache to avoid repeating handshakes
  SSLSessionCache shm:/var/log/apache2/ssl_cache_shm
  # Cache expiry time in seconds
  SSLSessionCacheTimeout 600
  # SSL Pseudo Random Number Generator
  SSLRandomSeed startup file:/dev/urandom 1024
  SSLRandomSeed connect file:/dev/urandom 1024
  ErrorLog /var/log/apache2/ssl_engine.log
  LogLevel debug
</IfModule>
# Host HTTtdev.chaire-logiciel-libre.uqam.ca
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName ***
# Possible values include: debug, info, notice, warn, error,
# crit, alert, emerg.
LogLevel notice
CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log
# All HTTP requests are redirected to HTTPS
#RewriteEngine on
#RewriteCond %{HTTPS} !=on
#RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
Redirect permanent / https://*****
</VirtualHost>
# HTTPS host
<VirtualHost _default_:443>
ServerName ****
ServerAdmin webmaster@localhost
# All requests are forwarded to Tomcat
# (See the mod_jk configuration)
JKMount /* worker1
# Possible values: debug, info, notice, warn, error,
# crit, alert, emerg
LogLevel debug
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/ssl_access.log combined
DocumentRoot /var/www
<Directory />
Options None
Order deny,allow
AllowOverride None
Deny from all
<LimitExcept GET POST PUT OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
SSLRequireSSL
</Directory>
# SSL is enabled for this host
SSLEngine on
# Disable SSL proxies
SSLProxyEngine off
SSLOptions +StrictRequire
# SSL protocol to use
SSLProtocol -all TLSv1 +SSLv3
# Only support strong cryptography
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
# Location of the server's private key and certificate
SSLCertificateKeyFile /etc/ssl/private/serveur.key
SSLCertificateFile /etc/ssl/certs/serveur.crt
# Path of the symlinks to the valid certificates
SSLCACertificateFile /etc/ssl/certs/serveur.crt
# Path of the symlinks to the revoked certificates
#SSLCARevocationPath /etc/apache2/ssl.crl/
# Require clients to present certificates
# SSLVerifyClient require
# Verification depth for the identity of the issuer
# of client certificates
# SSLVerifyDepth 5
# Hack for Internet Explorer
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

I've replaced the server name with ****

Regards

-- 
Benjamin Dreux
Programmer Analyst
Chaire de logiciel libre-Finance Social et solidaire
UQAM
Montréal