Nexenta Operating System

Bug #381771
Comment #3

Comment 3 for bug 381771

Revision history for this message

Tim Spriggs (tim-tajinc) wrote on 2009-06-03: Re: [Bug 381771] Re: Apache 2 does not work with SSL enabled on NCP2

It looks like the only required line for this is "SSLCryptoDevice
pkcs11" Keeping the configuration the same and adding the line to
/etc/apache2/mods-available/ssl.conf has the desired effect.

Additionally, apache2 is version 2.0 and not 2.2 as hardy should be.
I'll be recompiling the newer apache and depends with the ssl.conf patch.

Phillip Steinbachs wrote:
> I stumbled upon a workaround for this. In /etc/apache2/conf.d add an
> ssl.conf with the following contents:
>
> <IfModule mod_ssl.c>
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT56:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
> SSLRandomSeed startup file:/dev/urandom 512
> SSLRandomSeed connect file:/dev/urandom 512
> SSLCryptoDevice pkcs11
> </IfModule>
>
> These changes are derived from:
>
> http://src.opensolaris.org/source/xref/webstack/apache2/httpd/patches/ssl.conf.in.patch.Solaris
>
> After this, both port 80 and 443 work with the standard hardy packages.
>