test/script/virtualservice/materials/virtualservice-151-sslproxy.target.cf

   1 # ssl configuration file.
   2 # /etc/l7vs/sslproxy/sslproxy.target.cf
   3
   4 [ssl]
   5 # Global configuration.
   6 timeout_sec = 30
   7
   8 # SSL configuration.
   9 ca_dir = "/etc/l7vs/sslproxy/"
  10 ca_file = "root.pem"
  11 cert_chain_dir = "/etc/l7vs/sslproxy/"
  12 cert_chain_file = "server.pem"
  13 private_key_dir = "/etc/l7vs/sslproxy/"
  14 private_key_file = "server.pem"
  15 private_key_filetype = "SSL_FILETYPE_PEM"
  16 #private_key_filetype = "SSL_FILETYPE_ASN1"
  17 private_key_passwd_dir = "/etc/l7vs/sslproxy/"
  18 private_key_passwd_file = "passwd.txt"
  19 verify_options = "SSL_VERIFY_NONE"
  20 #verify_options = "SSL_VERIFY_PEER"
  21 #verify_options = "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
  22 #verify_options = "SSL_VERIFY_CLIENT_ONCE"
  23 verify_cert_depth = 9
  24 #ssl_options = "SSL_OP_MICROSOFT_SESS_ID_BUG"
  25 #ssl_options = "SSL_OP_NETSCAPE_CHALLENGE_BUG"
  26 #ssl_options = "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG"
  27 #ssl_options = "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG"
  28 #ssl_options = "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER"
  29 #ssl_options = "SSL_OP_MSIE_SSLV2_RSA_PADDING"
  30 #ssl_options = "SSL_OP_SSLEAY_080_CLIENT_DH_BUG"
  31 #ssl_options = "SSL_OP_TLS_D5_BUG"
  32 #ssl_options = "SSL_OP_TLS_BLOCK_PADDING_BUG"
  33 #ssl_options = "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS"
  34 ssl_options = "SSL_OP_ALL"
  35 #ssl_options = "SSL_OP_NO_QUERY_MTU"
  36 #ssl_options = "SSL_OP_COOKIE_EXCHANGE"
  37 #ssl_options = "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION"
  38 #ssl_options = "SSL_OP_SINGLE_ECDH_USE"
  39 #ssl_options = "SSL_OP_SINGLE_DH_USE"
  40 #ssl_options = "SSL_OP_EPHEMERAL_RSA"
  41 #ssl_options = "SSL_OP_CIPHER_SERVER_PREFERENCE"
  42 #ssl_options = "SSL_OP_TLS_ROLLBACK_BUG"
  43 ssl_options = "SSL_OP_NO_SSLv2"
  44 #ssl_options = "SSL_OP_NO_SSLv3"
  45 #ssl_options = "SSL_OP_NO_TLSv1"
  46 #ssl_options = "SSL_OP_PKCS1_CHECK_1"
  47 #ssl_options = "SSL_OP_PKCS1_CHECK_2"
  48 #ssl_options = "SSL_OP_NETSCAPE_CA_DN_BUG"
  49 #ssl_options = "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG"
  50 #tmp_dh_dir = "/etc/l7vs/sslproxy/"
  51 #tmp_dh_file = "dh512.pem"
  52 cipher_list = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
  53
  54 # SSL session cache configuration.
  55 session_cache = "on"
  56 session_cache_size = 40960
  57 session_cache_timeout = 10