Configure Apache to make it run without SSL renegotiation
After the issues due to Apache renegotiation made public on November 2009, it is advised to configure Apache this way:On the SSL virtualhost root
SSLVerifyDepth 4 SSLVerifyClient none (ou require) SSLCipherSuite !EDH:!ADH:!DSS:!RC4:HIGH:+3DES SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on # apache 2.1+Then inside your virtualhost, or in the .htaccess of your DocumentRoot, do not ever use the 4 instructions up here.
It makes Apache negotiate the right values from the root and not to renegotiate them after.
Downside: you can not configure a site without certificate authentication on the root with one repertory requiring a certificate anymore. You will have to create a special site that requires the user certificate from the root.
Last edited on 06/18/2015 07:33:33 --- [search]