summaryrefslogtreecommitdiff
path: root/apache2/mods-available/gnutls.conf
blob: 310993891d0869a5e0ea847bbaa2e0554b885fb5 (plain) 
    

  1. <IfModule mod_gnutls.c>
    2. 

  2. 

  3.   # Use an SHMCB backed session cache unless you have special needs.
    4. 

  4.   # (The dbm backend has known memory leaks and should not be used).
    5. 

  5.   GnuTLSCache shmcb:${APACHE_RUN_DIR}/gnutls_cache(65536)
    6. 

  6. 

  7.   # An alternative is to use a memcached server to store SSL sessions.
    8. 

  8.   # This is useful in a cluster environment,
    9. 

  9.   # where you want all your servers to share a single SSL session cache.
    10. 

  10.   #GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com"
    11. 

  11. 

  12.   # Require Perfect Forward Secrecy and recent TLS protocol versions
    13. 

  13.   # This should be supported by all SNI-capable browsers
    14. 

  14.   # You can validate e.g. at <https://www.ssllabs.com/ssltest/>
    15. 

  15.   GnuTLSPriorities PFS:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:%SERVER_PRECEDENCE
    16. 

  16. 

  17.   GnuTLSOCSPStapling off
    18. 

  18. 

  19. </IfModule>
    20.
generated by cgit v1.2.3 (git 2.46.0) at 2025-01-26 16:11:16 +0000