summaryrefslogtreecommitdiff
path: root/apache2/mods-available/gnutls.conf.diff
blob: c8561b470acb1b557cd72502537f6a5e358cf28b (plain) 
    

  1. --- gnutls.conf.orig    2011-07-19 19:02:55.000000000 +0200
    2. 

  2. +++ gnutls.conf 2016-04-28 03:27:13.000000000 +0200
    3. 

  3. @@ -5,9 +5,21 @@
    4. 

  4.    # memcached
    5. 

  5.    GnuTLSCache dbm /var/cache/apache2/gnutls_cache
    6. 

  6.  
    7. 

  7. +  # Enable caching (used for ticket expiration even when GnuTLSCache is unused)
    8. 

  8. +  GnuTLSCacheTimeout 600
    9. 

  9. +
    10. 

  10.    # mod_gnutls can optionaly use a memcached server to store SSL sessions.
    11. 

  11.    # This is useful in a cluster environment, where you want all your servers to
    12. 

  12.    # share a single SSL session cache
    13. 

  13.    #GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com"
    14. 

  14.  
    15. 

  15. +  # based on <https://blog.joelj.org/ecdsa-certificates-with-apache-2-4-lets-encrypt/>
    16. 

  16. +  #  * only strong EC crypto suites supporting Perfect Forward Secrecy
    17. 

  17. +  #  * supported by all SNI-capable browsers
    18. 

  18. +  # Options:
    19. 

  19. +  #  * drop %SAFE_RENEGOTIATION for Safari 5.1.9 / OS X 10.6.8 support
    20. 

  20. +  #  * add 3DES-CBS after AES-128-CBC for Android 2.3.7 support on non-SNI hosts
    21. 

  21. +  #  * add CHACHA20-POLY1305 after ECDHE-ECDSA with libgnutls >= 3.4.0
    22. 

  22. +  GnuTLSPriorities NONE:+ECDHE-ECDSA:+AES-256-GCM:+AES-128-GCM:+AES-256-CBC:+AES-128-CBC:+AEAD:+SHA384:+SHA256:+SHA1:+CTYPE-X509:+VERS-TLS-ALL:-VERS-SSL3.0:+COMP-NULL:+CURVE-SECP384R1:+SIGN-ECDSA-SHA512:+SIGN-ECDSA-SHA384:+SIGN-ECDSA-SHA256:+SIGN-ECDSA-SHA224:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION
    23. 

  23. +
    24. 

  24.  </IfModule>
    25.
generated by cgit v1.2.3 (git 2.46.0) at 2025-01-13 07:51:25 +0000