SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
- SSLProtocol All -SSLv2 -SSLv3
- SSLCipherSuite HIGH:!aNULL:!MD5:!EXP
+ SSLProtocol ${mainCfg.sslProtocols}
+ SSLCipherSuite ${mainCfg.sslCiphers}
SSLHonorCipherOrder on
'';
) null ([ cfg ] ++ subservices);
documentRoot = if maybeDocumentRoot != null then maybeDocumentRoot else
- pkgs.runCommand "empty" {} "mkdir -p $out";
+ pkgs.runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out";
documentRootConf = ''
DocumentRoot "${documentRoot}"
Include ${httpd}/conf/extra/httpd-multilang-errordoc.conf
Include ${httpd}/conf/extra/httpd-languages.conf
+ TraceEnable off
+
${if enableSSL then sslConf else ""}
# Fascist default - deny access to everything.
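Review bot: `TraceEnable off` is added to `documentRootConf` with no comment and no option to override it, unlike the protocol and cipher settings that this commit makes configurable. A one-line comment above it, such as `# Disable HTTP TRACE; it is rarely needed and reflects request headers back to the client.`, would record the intent. Where `documentRootConf` is expanded is outside the visible lines, so it is worth confirming that the directive ends up in server or virtual-host context, the only places httpd accepts it.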
description =
"Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited";
};
+
+ sslCiphers = mkOption {
+ type = types.str;
+ default = "HIGH:!aNULL:!MD5:!EXP";
+ description = "Cipher Suite available for negotiation in SSL proxy handshake.";
+ };
+
+ sslProtocols = mkOption {
+ type = types.str;
+ default = "All -SSLv2 -SSLv3 -TLSv1";
+ example = "All -SSLv2 -SSLv3";
+ description = "Allowed SSL/TLS protocol versions.";
+ };
}
# Include the options shared between the main server and virtual hosts.
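Review bot: The `sslCiphers` description reads like the text for `SSLProxyCipherSuite`, yet the option is interpolated into `SSLCipherSuite` in the SSL configuration hunk, which governs the server-side handshake with clients; something like `description = "Cipher suite string passed to SSLCipherSuite for client connections (OpenSSL cipher-list syntax).";` would match what it does. The new `sslProtocols` default also drops TLSv1 relative to the removed hard-coded `All -SSLv2 -SSLv3`, a behaviour change for existing deployments that the description does not mention, and TLSv1.1 is still accepted under it. Both options are `types.str` and go into the generated httpd configuration verbatim, so a mistyped value presumably only surfaces when httpd parses the config. The same hunks are repeated twice further down this page.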
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
- SSLProtocol All -SSLv2 -SSLv3
- SSLCipherSuite HIGH:!aNULL:!MD5:!EXP
+ SSLProtocol ${mainCfg.sslProtocols}
+ SSLCipherSuite ${mainCfg.sslCiphers}
SSLHonorCipherOrder on
'';
) null ([ cfg ] ++ subservices);
documentRoot = if maybeDocumentRoot != null then maybeDocumentRoot else
- pkgs.runCommand "empty" {} "mkdir -p $out";
+ pkgs.runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out";
documentRootConf = ''
DocumentRoot "${documentRoot}"
Include ${httpd}/conf/extra/httpd-multilang-errordoc.conf
Include ${httpd}/conf/extra/httpd-languages.conf
+ TraceEnable off
+
${if enableSSL then sslConf else ""}
# Fascist default - deny access to everything.
description =
"Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited";
};
+
+ sslCiphers = mkOption {
+ type = types.str;
+ default = "HIGH:!aNULL:!MD5:!EXP";
+ description = "Cipher Suite available for negotiation in SSL proxy handshake.";
+ };
+
+ sslProtocols = mkOption {
+ type = types.str;
+ default = "All -SSLv2 -SSLv3 -TLSv1";
+ example = "All -SSLv2 -SSLv3";
+ description = "Allowed SSL/TLS protocol versions.";
+ };
}
# Include the options shared between the main server and virtual hosts.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
- SSLProtocol All -SSLv2 -SSLv3
- SSLCipherSuite HIGH:!aNULL:!MD5:!EXP
+ SSLProtocol ${mainCfg.sslProtocols}
+ SSLCipherSuite ${mainCfg.sslCiphers}
SSLHonorCipherOrder on
'';
) null ([ cfg ] ++ subservices);
documentRoot = if maybeDocumentRoot != null then maybeDocumentRoot else
- pkgs.runCommand "empty" {} "mkdir -p $out";
+ pkgs.runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out";
documentRootConf = ''
DocumentRoot "${documentRoot}"
Include ${httpd}/conf/extra/httpd-multilang-errordoc.conf
Include ${httpd}/conf/extra/httpd-languages.conf
+ TraceEnable off
+
${if enableSSL then sslConf else ""}
# Fascist default - deny access to everything.
description =
"Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited";
};
+
+ sslCiphers = mkOption {
+ type = types.str;
+ default = "HIGH:!aNULL:!MD5:!EXP";
+ description = "Cipher Suite available for negotiation in SSL proxy handshake.";
+ };
+
+ sslProtocols = mkOption {
+ type = types.str;
+ default = "All -SSLv2 -SSLv3 -TLSv1";
+ example = "All -SSLv2 -SSLv3";
+ description = "Allowed SSL/TLS protocol versions.";
+ };
}
# Include the options shared between the main server and virtual hosts.