- --- gnutls.conf.orig
- +++ gnutls.conf
- @@ -1,13 +1,19 @@
- <IfModule mod_gnutls.c>
-
- - # The default method is to use a DBM backed cache. It's not super fast, but
- - # it's portable and doesn't require another server to be running like
- - # memcached
- - GnuTLSCache dbm /var/cache/apache2/gnutls_cache
- + # Use an SHMCB backed session cache unless you have special needs.
- + # (The dbm backend has known memory leaks and should not be used).
- + GnuTLSCache shmcb:${APACHE_RUN_DIR}/gnutls_cache(65536)
-
- - # mod_gnutls can optionaly use a memcached server to store SSL sessions.
- - # This is useful in a cluster environment, where you want all your servers to
- - # share a single SSL session cache
- + # An alternative is to use a memcached server to store SSL sessions.
- + # This is useful in a cluster environment,
- + # where you want all your servers to share a single SSL session cache.
- #GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com"
-
- + # Require Perfect Forward Secrecy and recent TLS protocol versions
- + # This should be supported by all SNI-capable browsers
- + # You can validate e.g. at <https://www.ssllabs.com/ssltest/>
- + GnuTLSPriorities PFS:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:%SERVER_PRECEDENCE
- +
- + GnuTLSOCSPStapling off
- +
- </IfModule>
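Review bot: `GnuTLSOCSPStapling off` is the only directive this patch adds without an explanatory comment, so an administrator cannot tell whether stapling is disabled as a deliberate packaging default or by oversight. With stapling off the server sends no revocation status in the handshake, and a certificate that carries the must-staple extension would presumably be rejected by clients that enforce it. I would add a line above it such as `# OCSP stapling is disabled in this default config; set "GnuTLSOCSPStapling on" once the server can reach the CA's OCSP responder`. Separately, the reworded memcached comment could note that the cache holds TLS session secrets and that memcached traffic is typically unencrypted and unauthenticated, so the listed hosts should only be reached over a trusted network.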