/etc/apache2/mods-available/ssl.conf - Ubuntu 12.04 LTS (Precise Pangolin)

This is the default example configuration of ssl.conf provided by Apache. This config file was generated by Apache running on Ubuntu 12.04.

It is located under: /etc/apache2/mods-available/ssl.conf

    <IfModule mod_ssl.c>
#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  exec:/usr/share/apache2/ask-for-passphrase

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use and second the expiring timeout (in seconds).
#   (The mechanism dbm has known memory leaks and should not be used).
#SSLSessionCache         dbm:${APACHE_RUN_DIR}/ssl_scache
SSLSessionCache        shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 
SSLMutex  file:${APACHE_RUN_DIR}/ssl_mutex

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
#   enable only secure ciphers:
SSLCipherSuite HIGH:MEDIUM:!ADH:!MD5
#   Use this instead if you want to allow cipher upgrades via SGC facility.
#   In this case you also have to use something like 
#        SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
#   see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
SSLProtocol all -SSLv2

# Allow insecure renegotiation with clients which do not yet support the
# secure renegotiation protocol. Default: Off
#SSLInsecureRenegotiation on

# Whether to forbid non-SNI clients to access name based virtual hosts.
# Default: Off
#SSLStrictSNIVHostCheck On

</IfModule>

    
  

Config Details

Location
/etc/apache2/mods-available/ssl.conf
Operating system
Ubuntu 12.04 LTS (Precise Pangolin)
Length
73 lines
MD5 checksum
31f28d4e82635d2393210b424369674b

Usage

Download the raw file with wget or curl

Wget

wget -O ssl.conf.example http://exampleconfig.com/static/raw/apache/ubuntu12.04/etc/apache2/mods-available/ssl.conf

cURL

curl http://exampleconfig.com/static/raw/apache/ubuntu12.04/etc/apache2/mods-available/ssl.conf > ssl.conf.example