Diffstat (limited to 'README')
-rw-r--r-- README 43
1 files changed, 38 insertions, 5 deletions
diff --git a/README b/README
index 557ba77..85418de 100644
--- a/README
+++ b/README
@@ -19,19 +19,20 @@ lift code and ideas directly from mod_ssl. Kudos to the original authors of mod_
19 19
20---------------------------- 20----------------------------
21 21
22Author: Paul Querna <chip force-elite.com 22Author: Paul Querna <chip force-elite.com>
23
24Heavily modified by Nikos Mavrogiannopoulos <nmav gnutls.org>
23 25
24License: Apache Software License v2.0. (see the LICENSE file for details) 26License: Apache Software License v2.0. (see the LICENSE file for details)
25 27
26Current Status: 28Current Status:
27- SSL and TLS connections with all popular browsers work! 29- SSL and TLS connections with all popular browsers work!
28- Sets some enviromental vars for scripts 30- Sets enviromental vars for scripts (compatible with mod_ssl vars)
29- Supports Memcached as a distributed SSL Session Cache 31- Supports Memcached as a distributed SSL Session Cache
30- Supports DBM as a local SSL Session Cache 32- Supports DBM as a local SSL Session Cache
31 33- Support for Server Name Indication
32Future Development:
33- Support for Server Name Indication (partial support is in, but disabled)
34- Support for Client Certificates 34- Support for Client Certificates
35- Support for TLS-SRP
35 36
36Basic Configuration: 37Basic Configuration:
37 38
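Review bot: Removing the "Future Development:" heading (old line 32) leaves "Support for Client Certificates" and the new "Support for TLS-SRP" directly under "Current Status:", so both now read as finished features. If that is intended, reword them to match the neighbouring items ("Supports ..."); if either is still partial, keep a "Future Development:" section for it. The rewritten new line 30 also still carries the misspelling "enviromental" (should be "environmental"), which is worth fixing while the line is being changed.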
@@ -58,3 +59,35 @@ GnuTLSCache dbm conf/gnutls_cache
58 # This is the Server Certificate. 59 # This is the Server Certificate.
59 GnuTLSCertificateFile conf/server.cert 60 GnuTLSCertificateFile conf/server.cert
60</VirtualHost> 61</VirtualHost>
62
63
64# a more advanced configuration
65GnuTLSCache dbm "/var/cache/www-tls-cache/cache"
66GnuTLSCacheTimeout 500
67GnuTLSProtocols TLS1.1 TLS1.0 SSL3.0
68NameVirtualHost 1.2.3.4:443
69
70<VirtualHost 1.2.3.4:443>
71 Servername server.com:443
72 GnuTLSEnable on
73 GnuTLSCiphers AES-128-CBC 3DES-CBC ARCFOUR-128
74 GnuTLSKeyExchangeAlgorithms RSA DHE-RSA DHE-DSS SRP SRP-RSA SRP-DSS
75 GnuTLSMACAlgorithms SHA1 MD5
76 GnuTLSCompressionMethods NULL
77# To export exactly the same environment variables as mod_ssl to CGI scripts.
78 GNUTLSExportCertificates on
79
80 GnuTLSCertificateFile /etc/apache2/server-cert.pem
81 GnuTLSKeyFile /etc/apache2/server-key.pem
82
83# To enable SRP you must have these files installed. Check the gnutls srptool.
84 GnuTLSSRPPasswdFile /etc/apache2/tpasswd
85 GnuTLSSRPPasswdConfFile /etc/apache2/tpasswd.conf
86
87# In order to verify client certificates. Other options to
88# GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile
89# contains the CAs to verify client certificates.
90 GnuTLSClientVerify request
91 GnuTLSClientCAFile ca.pem
92 ...
93</VirtualHost>
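Review bot: The "more advanced configuration" block is the part of this README that readers will copy, and new lines 67, 73 and 75 put `SSL3.0`, `ARCFOUR-128` and `MD5` into it. SSL 3.0 and RC4 are deprecated for TLS use and MD5 is no longer a recommended MAC hash, so I would drop those three tokens from the example, or at least add a comment saying they are listed only for legacy clients. Smaller points in the same hunk: `GNUTLSExportCertificates` on new line 78 is cased differently from every other `GnuTLS...` directive, `GnuTLSClientCAFile ca.pem` is a relative path while the certificate, key and SRP files are absolute, and `GnuTLSCacheTimeout 500` does not say what unit the value is in.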