summaryrefslogtreecommitdiff
path: root/apache2/mods-available/gnutls.conf
blob: f5cf5f8d78ebb5d0231c2cd157727e8e7c783e63 (plain) 
    

  1. <IfModule mod_gnutls.c>
    2. 

  2. 

  3.   # The default method is to use a DBM backed cache.  It's not super fast, but
    4. 

  4.   # it's portable and doesn't require another server to be running like
    5. 

  5.   # memcached
    6. 

  6.   GnuTLSCache dbm /var/cache/apache2/gnutls_cache
    7. 

  7. 

  8.   # Enable caching (used for ticket expiration even when GnuTLSCache is unused)
    9. 

  9.   GnuTLSCacheTimeout 600
    10. 

  10. 

  11.   # mod_gnutls can optionaly use a memcached server to store SSL sessions.
    12. 

  12.   # This is useful in a cluster environment, where you want all your servers to
    13. 

  13.   # share a single SSL session cache
    14. 

  14.   #GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com"
    15. 

  15. 

  16.   # based on <https://blog.joelj.org/ecdsa-certificates-with-apache-2-4-lets-encrypt/>
    17. 

  17.   #  * only strong EC crypto suites supporting Perfect Forward Secrecy
    18. 

  18.   #  * supported by all SNI-capable browsers
    19. 

  19.   # Options:
    20. 

  20.   #  * drop %SAFE_RENEGOTIATION for Safari 5.1.9 / OS X 10.6.8 support
    21. 

  21.   #  * add 3DES-CBS after AES-128-CBC for Android 2.3.7 support on non-SNI hosts
    22. 

  22.   #  * add CHACHA20-POLY1305 after ECDHE-ECDSA with libgnutls >= 3.4.0
    23. 

  23.   GnuTLSPriorities NONE:+ECDHE-ECDSA:+AES-256-GCM:+AES-128-GCM:+AES-256-CBC:+AES-128-CBC:+AEAD:+SHA384:+SHA256:+SHA1:+CTYPE-X509:+VERS-TLS-ALL:-VERS-SSL3.0:+COMP-NULL:+CURVE-SECP384R1:+SIGN-ECDSA-SHA512:+SIGN-ECDSA-SHA384:+SIGN-ECDSA-SHA256:+SIGN-ECDSA-SHA224:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION
    24. 

  24. 

  25. </IfModule>
    26.
generated by cgit v1.2.3 (git 2.46.0) at 2025-01-13 09:06:33 +0000