blob: 2e6ca67736946755330a05320237407ea3640802 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
##
## mod_http2 test config
##
<IfDefine APACHE2>
<IfModule http2_module>
LogLevel http2:debug
<VirtualHost h2c>
Protocols h2c http/1.1
<IfModule @CGI_MODULE@>
<Directory @SERVERROOT@/htdocs/modules/h2>
Options +ExecCGI
AddHandler cgi-script .pl
</Directory>
</IfModule>
<Location /modules/h2/hello.pl>
</Location>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC]
</IfModule>
</VirtualHost>
<IfModule @ssl_module@>
<VirtualHost @SERVERNAME@:h2>
Protocols h2 http/1.1
H2Direct on
SSLEngine on
SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
SSLCACertificatePath @ServerRoot@/conf/ssl
SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
SSLCARevocationCheck chain
# taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
#
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLProtocol All -SSLv2 -SSLv3
SSLOptions +StdEnvVars
<IfVersion >= 2.4.18>
# need this off as long as we ran on old openssl
H2ModernTLSOnly off
</IfVersion>
<IfModule @CGI_MODULE@>
<Directory @SERVERROOT@/htdocs/modules/h2>
Options +ExecCGI
AddHandler cgi-script .pl
</Directory>
</IfModule>
<Location /modules/h2/hello.pl>
</Location>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC]
</IfModule>
</VirtualHost>
<VirtualHost noh2.example.org:h2>
Protocols http/1.1
H2Direct off
</VirtualHost>
<VirtualHost test.example.org:h2>
Protocols h2 http/1.1
H2Direct on
SSLEngine on
SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
SSLCACertificatePath @ServerRoot@/conf/ssl
SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
SSLCARevocationCheck chain
# taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
#
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLProtocol All -SSLv2 -SSLv3
SSLOptions +StdEnvVars
</VirtualHost>
<VirtualHost test2.example.org:h2>
Protocols http/1.1 h2
H2Direct on
</VirtualHost>
<VirtualHost test-ser.example.org:h2>
</VirtualHost>
</ifModule>
</IfModule>
</IfDefine>
|
