: Log in!

メインメニュー
Google


ウェブ 検索
サイト内検索
トップ  >  Linux12歩  >  2012-02-01 httpd(apache)のupdate
20120201 httpd-2.2.22にupdateしました


設定ファイルの変更 (2.2.21-2.2.22)

--- httpd2221/conf/extra/httpd-ssl.conf	2011-09-15 11:16:24.000000000 +0900
+++ httpd2222/conf/extra/httpd-ssl.conf	2012-02-01 11:39:29.728854999 +0900
@@ -84,11 +84,29 @@ TransferLog "/var/log/httpd/access_log"
 #   Enable/Disable SSL for this virtual host.
 SSLEngine on
 
+#   SSL Protocol support:
+#   List the protocol versions which clients are allowed to
+#   connect with. Disable SSLv2 by default (cf. RFC 6176).
+SSLProtocol all -SSLv2
+
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
 #   See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
 
+#   Speed-optimized SSL Cipher configuration:
+#   If speed is your main concern (on busy HTTPS servers e.g.),
+#   you might want to force clients to specific, performance
+#   optimized ciphers. In this case, prepend those ciphers
+#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
+#   (as in the example below), most connections will no longer
+#   have perfect forward secrecy - if the server's key is
+#   compromised, captures of past or future traffic must be
+#   considered compromised, too.
+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+#SSLHonorCipherOrder on 
+ 
 #   Server Certificate:
 #   Point SSLCertificateFile at a PEM encoded certificate.  If
 #   the certificate is encrypted, then you will be prompted for a
@@ -218,7 +236,7 @@ SSLCertificateKeyFile "/etc/httpd/conf/s
 #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
 #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
 #   "force-response-1.0" for this.
-BrowserMatch ".*MSIE.*" \
+BrowserMatch "MSIE [2-5]" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0

--- httpd2221/conf/httpd.conf	2011-09-15 11:16:21.000000000 +0900
+++ httpd2222/conf/httpd.conf	2012-02-01 11:39:26.088784103 +0900
@@ -375,9 +375,10 @@ DefaultType text/plain
 
 #
 # MaxRanges: Maximum number of Ranges in a request before
-# returning the entire resource, or 0 for unlimited
-# Default setting is to accept 200 Ranges
-#MaxRanges 0
+# returning the entire resource, or one of the special
+# values 'default', 'none' or 'unlimited'.
+# Default setting is to accept 200 Ranges.
+#MaxRanges unlimited
 
 #
 # EnableMMAP and EnableSendfile: On systems that support it,

CHANGES_2.2.22

・apacheサイトの"Official Announcement"や"CHANGES_2.2.22"を参照して下さい
投票数:40 平均点:5.50
前
2012-02-01 postfixのupdate
カテゴリートップ
Linux12歩
次
2012-02-03 phpのupdate