--- httpd-ssl.conf.orig Sat Apr 21 19:34:44 2018 +++ httpd-ssl.conf Fri Jul 6 07:43:44 2018 @@ -76,8 +76,10 @@ # Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be # disabled as quickly as practical. By the end of 2016, only the TLSv1.2 # protocol or later should remain in use. -SSLProtocol all -SSLv3 -SSLProxyProtocol all -SSLv3 +SSLProtocol +TLSv1.2 +SSLProxyProtocol +TLSv1.2 +#SSLProtocol all -SSLv3 +#SSLProxyProtocol all -SSLv3 # Pass Phrase Dialog: # Configure the pass phrase gathering process. @@ -118,14 +120,16 @@ ## SSL Virtual Host Context ## - + # General setup for the virtual host DocumentRoot "/usr/local/apache2/htdocs" ServerName www.example.com:443 ServerAdmin you@example.com ErrorLog "/usr/local/apache2/logs/error_log" -TransferLog "/usr/local/apache2/logs/access_log" + + CustomLog "logs/access_log" combined + # SSL Engine Switch: # Enable/Disable SSL for this virtual host. @@ -141,7 +145,7 @@ # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) # require an ECC certificate which can also be configured in # parallel. -SSLCertificateFile "/usr/local/apache2/conf/server.crt" +SSLCertificateFile "/path/to/server.crt" #SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt" #SSLCertificateFile "/usr/local/apache2/conf/server-ecc.crt" @@ -151,7 +155,7 @@ # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) # ECC keys, when in use, can also be configured in parallel -SSLCertificateKeyFile "/usr/local/apache2/conf/server.key" +SSLCertificateKeyFile "/path/to/server.key" #SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key" #SSLCertificateKeyFile "/usr/local/apache2/conf/server-ecc.key" @@ -172,7 +176,7 @@ # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt" -#SSLCACertificateFile "/usr/local/apache2/conf/ssl.crt/ca-bundle.crt" +SSLCACertificateFile "/path/to/ca-bundle.crt" # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client