From 0b6ded513adda502b62561dd7d403e9ff477de4b Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Thu, 13 Feb 2020 13:54:00 +0100
Subject: add apache2 config-available ssl snippet

---
 apache2/conf-available/local-ssl.conf | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 apache2/conf-available/local-ssl.conf

(limited to 'apache2')

diff --git a/apache2/conf-available/local-ssl.conf b/apache2/conf-available/local-ssl.conf
new file mode 100644
index 0000000..ae0d6fa
--- /dev/null
+++ b/apache2/conf-available/local-ssl.conf
@@ -0,0 +1,25 @@
+SSLEngine on
+#SSLCertificateFile /etc/ssl/certs/apache2.pem
+#SSLCertificateKeyFile /etc/ssl/private/apache2.pem
+SSLCACertificatePath /etc/ssl/certs/
+#SSLCARevocationPath /etc/apache2/ssl.crl/
+#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+	SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory /usr/lib/cgi-bin>
+	SSLOptions +StdEnvVars
+</Directory>
+
+BrowserMatch "MSIE [2-6]" \
+	nokeepalive ssl-unclean-shutdown \
+	downgrade-1.0 force-response-1.0
+# MSIE 7 and newer should be able to use keepalive
+BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+#CustomLog /var/log/apache2/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-- 
cgit v1.2.3