path: root/README
Diffstat (limited to 'README')
-rw-r--r--  README  44
1 files changed, 31 insertions, 13 deletions
diff --git a/README b/README
index 85418de..5198ed7 100644
--- a/README
+++ b/README
@@ -11,7 +11,7 @@ to debug. I wanted to understand how it worked, and I had recently heard about
11GnuTLS, so long story short, I decided to implement a mod_gnutls. 11GnuTLS, so long story short, I decided to implement a mod_gnutls.
12 12
13Lines of Code in mod_ssl: 15,324 13Lines of Code in mod_ssl: 15,324
14Lines of Code in mod_gnutls: 1,886 14Lines of Code in mod_gnutls: 3,594
15 15
16Because of writing mod_gnutls, I now understand how input and output filters work, 16Because of writing mod_gnutls, I now understand how input and output filters work,
17better than I ever thought possible. It was a little painful at times, and some parts 17better than I ever thought possible. It was a little painful at times, and some parts
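Review bot: the refreshed mod_gnutls count (3,594) is no longer comparable with the mod_ssl figure on the line above (15,324), which is left exactly as it was in the earlier comparison; state which version of each module (or which commit) the two counts were taken from and how they were measured, otherwise the comparison reads as though only one side was updated.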
@@ -54,31 +54,26 @@ GnuTLSCache dbm conf/gnutls_cache
54 GnuTLSEnable On 54 GnuTLSEnable On
55 55
56 # This is the Private key for your server. 56 # This is the Private key for your server.
57 GnuTLSKeyFile conf/server.key 57 GnuTLSX509KeyFile conf/server.key
58 58
59 # This is the Server Certificate. 59 # This is the Server Certificate.
60 GnuTLSCertificateFile conf/server.cert 60 GnuTLSX509CertificateFile conf/server.cert
61</VirtualHost> 61</VirtualHost>
62 62
63
64# a more advanced configuration 63# a more advanced configuration
65GnuTLSCache dbm "/var/cache/www-tls-cache/cache" 64GnuTLSCache dbm "/var/cache/www-tls-cache/cache"
66GnuTLSCacheTimeout 500 65GnuTLSCacheTimeout 600
67GnuTLSProtocols TLS1.1 TLS1.0 SSL3.0
68NameVirtualHost 1.2.3.4:443 66NameVirtualHost 1.2.3.4:443
69 67
70<VirtualHost 1.2.3.4:443> 68<VirtualHost 1.2.3.4:443>
71 Servername server.com:443 69 Servername server.com:443
72 GnuTLSEnable on 70 GnuTLSEnable on
73 GnuTLSCiphers AES-128-CBC 3DES-CBC ARCFOUR-128 71 GnuTLSPriority NORMAL
74 GnuTLSKeyExchangeAlgorithms RSA DHE-RSA DHE-DSS SRP SRP-RSA SRP-DSS
75 GnuTLSMACAlgorithms SHA1 MD5
76 GnuTLSCompressionMethods NULL
77# To export exactly the same environment variables as mod_ssl to CGI scripts. 72# To export exactly the same environment variables as mod_ssl to CGI scripts.
78 GNUTLSExportCertificates on 73 GNUTLSExportCertificates on
79 74
80 GnuTLSCertificateFile /etc/apache2/server-cert.pem 75 GnuTLSX509CertificateFile /etc/apache2/server-cert.pem
81 GnuTLSKeyFile /etc/apache2/server-key.pem 76 GnuTLSX509KeyFile /etc/apache2/server-key.pem
82 77
83# To enable SRP you must have these files installed. Check the gnutls srptool. 78# To enable SRP you must have these files installed. Check the gnutls srptool.
84 GnuTLSSRPPasswdFile /etc/apache2/tpasswd 79 GnuTLSSRPPasswdFile /etc/apache2/tpasswd
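Review bot: the removal of `GnuTLSProtocols TLS1.1 TLS1.0 SSL3.0`, `GnuTLSCiphers`, `GnuTLSKeyExchangeAlgorithms`, `GnuTLSMACAlgorithms` and `GnuTLSCompressionMethods` in favour of the single `GnuTLSPriority NORMAL` is not explained anywhere in this README; add a sentence saying that the old per-algorithm directives are gone and that protocol, cipher, key-exchange, MAC and compression selection now happens through the priority string, so readers with the old config know why their directives stop working. The unchanged comment "# To enable SRP you must have these files installed" then needs a check: the removed `GnuTLSKeyExchangeAlgorithms` line enabled `SRP SRP-RSA SRP-DSS` explicitly, so if the `NORMAL` priority set does not include SRP key exchange in the GnuTLS version targeted, this example must enable it in the priority string and the README should say so. Also, `GnuTLSCacheTimeout` changes from 500 to 600 with no rationale; if that is the new recommended value, say why.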
@@ -88,6 +83,29 @@ NameVirtualHost 1.2.3.4:443
88# GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile 83# GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile
89# contains the CAs to verify client certificates. 84# contains the CAs to verify client certificates.
90 GnuTLSClientVerify request 85 GnuTLSClientVerify request
91 GnuTLSClientCAFile ca.pem 86 GnuTLSX509CAFile ca.pem
92 ... 87 ...
93</VirtualHost> 88</VirtualHost>
89
90# A setup for OpenPGP and X.509 authentication
91<VirtualHost 1.2.3.4:443>
92 Servername crystal.lan:443
93 GnuTLSEnable on
94 GnuTLSPriorities NORMAL:+COMP-NULL
95
96# setup the openpgp keys
97 GnuTLSPGPCertificateFile /etc/apache2/test.pub.asc
98 GnuTLSPGPKeyFile /etc/apache2/test.sec.asc
99
100# and the X.509 keys
101 GnuTLSCertificateFile /etc/apache2/server-cert.pem
102 GnuTLSKeyFile /etc/apache2/server-key.pem
103 GnuTLSClientVerify ignore
104
105# To avoid using the default DH params
106 GnuTLSDHFile /etc/apache2/dh.pem
107
108# these are only needed if GnuTLSClientVerify != ignore
109 GnuTLSClientCAFile ca.pem
110 GnuTLSPGPKeyringFile /etc/apache2/ring.asc
111</VirtualHost>
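Review bot: the new OpenPGP/X.509 example is inconsistent with the directive names this same commit introduces: it uses `GnuTLSPriorities NORMAL:+COMP-NULL` (plural) where the block above uses `GnuTLSPriority NORMAL`, and it still uses `GnuTLSCertificateFile`, `GnuTLSKeyFile` and `GnuTLSClientCAFile`, which the earlier hunk renames to `GnuTLSX509CertificateFile`, `GnuTLSX509KeyFile` and `GnuTLSX509CAFile`. Only one spelling of each directive can be the one the module accepts, so pick it and use it in all three examples; a stale name copied into this block will make the example fail to load. Two smaller points: the unchanged comment "# GnuTLSClientVerify could be ignore or require" contradicts the `GnuTLSClientVerify request` it annotates, so list `request` as a valid value; and the `GnuTLSDHFile` comment should say how `dh.pem` is produced, the way the SRP comment above already points the reader at the gnutls srptool for the SRP files.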