Diffstat (limited to 'README')
-rw-r--r-- | README | 43 |
1 files changed, 38 insertions, 5 deletions
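--- a/README
+++ b/README
@@ -19,19 +19,20 @@ lift code and ideas directly from mod_ssl. Kudos to the original authors of mod_
 
 ----------------------------
 
-Author: Paul Querna <chip force-elite.com
+Author: Paul Querna <chip force-elite.com>
+
+Heavily modified by Nikos Mavrogiannopoulos <nmav gnutls.org>
 
 License: Apache Software License v2.0. (see the LICENSE file for details)
 
 Current Status:
 - SSL and TLS connections with all popular browsers work!
-- Sets some enviromental vars for scripts
+- Sets enviromental vars for scripts (compatible with mod_ssl vars)
 - Supports Memcached as a distributed SSL Session Cache
 - Supports DBM as a local SSL Session Cache
-
-Future Development:
-- Support for Server Name Indication (partial support is in, but disabled)
+- Support for Server Name Indication
 - Support for Client Certificates
+- Support for TLS-SRP
 
 Basic Configuration:
 
@@ -58,3 +59,35 @@ GnuTLSCache dbm conf/gnutls_cache
 # This is the Server Certificate.
 GnuTLSCertificateFile conf/server.cert
 </VirtualHost>
+
+
+# a more advanced configuration
+GnuTLSCache dbm "/var/cache/www-tls-cache/cache"
+GnuTLSCacheTimeout 500
+GnuTLSProtocols TLS1.1 TLS1.0 SSL3.0
+NameVirtualHost 1.2.3.4:443
+
+<VirtualHost 1.2.3.4:443>
+Servername server.com:443
+GnuTLSEnable on
+GnuTLSCiphers AES-128-CBC 3DES-CBC ARCFOUR-128
+GnuTLSKeyExchangeAlgorithms RSA DHE-RSA DHE-DSS SRP SRP-RSA SRP-DSS
+GnuTLSMACAlgorithms SHA1 MD5
+GnuTLSCompressionMethods NULL
+# To export exactly the same environment variables as mod_ssl to CGI scripts.
+GNUTLSExportCertificates on
+
+GnuTLSCertificateFile /etc/apache2/server-cert.pem
+GnuTLSKeyFile /etc/apache2/server-key.pem
+
+# To enable SRP you must have these files installed. Check the gnutls srptool.
+GnuTLSSRPPasswdFile /etc/apache2/tpasswd
+GnuTLSSRPPasswdConfFile /etc/apache2/tpasswd.conf
+
+# In order to verify client certificates. Other options to
+# GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile
+# contains the CAs to verify client certificates.
+GnuTLSClientVerify request
+GnuTLSClientCAFile ca.pem
+...
+</VirtualHost>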