diff options
| author | 2007-11-28 18:29:21 +0000 | |
|---|---|---|
| committer | 2007-11-28 18:29:21 +0000 | |
| commit | 7bebb42365c3bf0bee9e4618dc45bd8ca5d164a1 (patch) | |
| tree | a5d6d38a76da9f3a36205294c5bfb8e0b3f0d96d /README | |
| parent | 8e33f2d4c149fe8b6d2f1f3bdb06c52da53952f1 (diff) | |
upgraded to 0.4.0
Diffstat (limited to 'README')
| -rw-r--r-- | README | 43 | 
1 files changed, 38 insertions, 5 deletions
| @@ -19,19 +19,20 @@ lift code and ideas directly from mod_ssl. Kudos to the original authors of mod_ | |||
| 19 | 19 | ||
| 20 | ---------------------------- | 20 | ---------------------------- | 
| 21 | 21 | ||
| 22 | Author: Paul Querna <chip force-elite.com | 22 | Author: Paul Querna <chip force-elite.com> | 
| 23 | |||
| 24 | Heavily modified by Nikos Mavrogiannopoulos <nmav gnutls.org> | ||
| 23 | 25 | ||
| 24 | License: Apache Software License v2.0. (see the LICENSE file for details) | 26 | License: Apache Software License v2.0. (see the LICENSE file for details) | 
| 25 | 27 | ||
| 26 | Current Status: | 28 | Current Status: | 
| 27 | - SSL and TLS connections with all popular browsers work! | 29 | - SSL and TLS connections with all popular browsers work! | 
| 28 | - Sets some enviromental vars for scripts | 30 | - Sets enviromental vars for scripts (compatible with mod_ssl vars) | 
| 29 | - Supports Memcached as a distributed SSL Session Cache | 31 | - Supports Memcached as a distributed SSL Session Cache | 
| 30 | - Supports DBM as a local SSL Session Cache | 32 | - Supports DBM as a local SSL Session Cache | 
| 31 | 33 | - Support for Server Name Indication | |
| 32 | Future Development: | ||
| 33 | - Support for Server Name Indication (partial support is in, but disabled) | ||
| 34 | - Support for Client Certificates | 34 | - Support for Client Certificates | 
| 35 | - Support for TLS-SRP | ||
| 35 | 36 | ||
| 36 | Basic Configuration: | 37 | Basic Configuration: | 
| 37 | 38 | ||
| @@ -58,3 +59,35 @@ GnuTLSCache dbm conf/gnutls_cache | |||
| 58 | # This is the Server Certificate. | 59 | # This is the Server Certificate. | 
| 59 | GnuTLSCertificateFile conf/server.cert | 60 | GnuTLSCertificateFile conf/server.cert | 
| 60 | </VirtualHost> | 61 | </VirtualHost> | 
| 62 | |||
| 63 | |||
| 64 | # a more advanced configuration | ||
| 65 | GnuTLSCache dbm "/var/cache/www-tls-cache/cache" | ||
| 66 | GnuTLSCacheTimeout 500 | ||
| 67 | GnuTLSProtocols TLS1.1 TLS1.0 SSL3.0 | ||
| 68 | NameVirtualHost 1.2.3.4:443 | ||
| 69 | |||
| 70 | <VirtualHost 1.2.3.4:443> | ||
| 71 | Servername server.com:443 | ||
| 72 | GnuTLSEnable on | ||
| 73 | GnuTLSCiphers AES-128-CBC 3DES-CBC ARCFOUR-128 | ||
| 74 | GnuTLSKeyExchangeAlgorithms RSA DHE-RSA DHE-DSS SRP SRP-RSA SRP-DSS | ||
| 75 | GnuTLSMACAlgorithms SHA1 MD5 | ||
| 76 | GnuTLSCompressionMethods NULL | ||
| 77 | # To export exactly the same environment variables as mod_ssl to CGI scripts. | ||
| 78 | GNUTLSExportCertificates on | ||
| 79 | |||
| 80 | GnuTLSCertificateFile /etc/apache2/server-cert.pem | ||
| 81 | GnuTLSKeyFile /etc/apache2/server-key.pem | ||
| 82 | |||
| 83 | # To enable SRP you must have these files installed. Check the gnutls srptool. | ||
| 84 | GnuTLSSRPPasswdFile /etc/apache2/tpasswd | ||
| 85 | GnuTLSSRPPasswdConfFile /etc/apache2/tpasswd.conf | ||
| 86 | |||
| 87 | # In order to verify client certificates. Other options to | ||
| 88 | # GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile | ||
| 89 | # contains the CAs to verify client certificates. | ||
| 90 | GnuTLSClientVerify request | ||
| 91 | GnuTLSClientCAFile ca.pem | ||
| 92 | ... | ||
| 93 | </VirtualHost> | ||
