diff options
| author | Erik Abele <erikabele@apache.org> | 2004-01-04 16:04:54 +0100 |
|---|---|---|
| committer | Erik Abele <erikabele@apache.org> | 2004-01-04 16:04:54 +0100 |
| commit | 657d8aa4b4384baea15f59f7a627eb7d2adecbd7 (patch) | |
| tree | 0cda691d456b417d48ab838c23652c02e439b44f /docs | |
| parent | Remove unnecessary comments about uncompleted documentation. (diff) | |
| download | apache2-657d8aa4b4384baea15f59f7a627eb7d2adecbd7.tar.xz apache2-657d8aa4b4384baea15f59f7a627eb7d2adecbd7.zip | |
Move SSLRandomSeed out of the <IfDefine SSL> container to support
starting without SSL on platforms with no /dev/random equivalent
but a statically compiled-in mod_ssl. See PR: 25867
Submitted by: Rob Meyer <rob bigdis.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102179 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/conf/ssl-std.conf.in | 41 |
1 files changed, 24 insertions, 17 deletions
diff --git a/docs/conf/ssl-std.conf.in b/docs/conf/ssl-std.conf.in index 6bd410bea5..4812e54197 100644 --- a/docs/conf/ssl-std.conf.in +++ b/docs/conf/ssl-std.conf.in @@ -8,6 +8,30 @@ # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # + +# +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +# +# Note: This must come before the <IfDefine SSL> container to support +# starting without SSL on platforms with no /dev/random equivalent +# but a statically compiled-in mod_ssl. +# +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed startup file:/dev/urandom 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + <IfDefine SSL> # @@ -52,23 +76,6 @@ SSLSessionCacheTimeout 300 # SSL engine uses internally for inter-process synchronization. SSLMutex file:@exp_runtimedir@/ssl_mutex -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed startup file:/dev/urandom 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - ## ## SSL Virtual Host Context ## |