Difference between revisions of "Mod gnutls"

From ArchWiki
Older revision: (Created page)
Newer revision: (Following Help:Style)
Changes between the two revisions (the side-by-side diff is summarized here; the full text of the newer revision is reproduced further down the page):

* Added after the [[Category:Web Server (English)]] line: {{i18n|mod_gnutls}}, {{Article summary start}}, {{Article summary text|An introduction to [http://modgnutls.sourceforge.net/ mod_gnutls], covering installation and basic configuration of the Apache module.}} and {{Article summary end}}.
* Introduction: the quoted project description, previously plain text carrying [[Apache]] and [[mod_ssl]] links, is now an indented italic quotation:
  :''mod_gnutls uses the GnuTLS library to provide SSL 3.0, TLS 1.0, TLS 1.1 and 1.2 encryption for Apache HTTPD. It is similar to mod_ssl in purpose, but does not use OpenSSL.''
* "===Install Package===" renamed to "===Install package==="; "Find the {{AUR|mod_gnutls}} package in the [[AUR]]." replaced by "Install {{AUR|mod_gnutls}}, available in the [[Arch User Repository]]."
* Configure Apache: the two httpd.conf snippets are now wrapped in {{bc|...}} and the httpd-gnutls.conf listing in {{hc|/etc/httpd/conf/extra/httpd-gnutls.conf|...}} (the listing itself appears in the rendered revision further down).
* "* Restart Apache" followed by "# /etc/rc.d/httpd restart" replaced by "* Restart httpd (see [[Daemon]])."
* "== Known problems ==" renamed to "== Known issues ==".
* Second hunk (old line 49, new line 64): the "===Connections from localhost===" section is unchanged context.
== See Also ==
* [http://modgnutls.sourceforge.net/ Official mod_gnutls website]
 

Revision as of 10:06, 22 March 2012


Summary: An introduction to mod_gnutls (http://modgnutls.sourceforge.net/), covering installation and basic configuration of the Apache module.

From mod_gnutls - Apache SSL/TLS module using GnuTLS library (http://modgnutls.sourceforge.net/):

mod_gnutls uses the GnuTLS library to provide SSL 3.0, TLS 1.0, TLS 1.1 and 1.2 encryption for Apache HTTPD. It is similar to mod_ssl in purpose, but does not use OpenSSL.

Installation

Install package

Install mod_gnutls (AUR), available in the Arch User Repository.

Configure Apache

  • Add these lines to /etc/httpd/conf/httpd.conf:
LoadModule gnutls_module modules/mod_gnutls.so
Include conf/extra/httpd-gnutls.conf
  • Make sure that the following line is commented in /etc/httpd/conf/httpd.conf:
Include conf/extra/httpd-ssl.conf
  • Create the file /etc/httpd/conf/extra/httpd-gnutls.conf with the following content:
/etc/httpd/conf/extra/httpd-gnutls.conf
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

GnuTLSCache dbm "/var/run/httpd/gnutls_scache"
GnuTLSCacheTimeout 600

<VirtualHost _default_:443>

DocumentRoot "/srv/http"
ServerName www.example.org
ServerAdmin youremail@example.org
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"

GnuTLSEnable on
GnuTLSPriorities NORMAL

GNUTLSExportCertificates on

GnuTLSCertificateFile /path/to/certificate/domain.tld.crt
GnuTLSKeyFile /path/to/certificate/domain.tld.key

</VirtualHost>
  • Restart httpd (see Daemon).
  • Check that Apache loaded correctly and answers on port 443.

Known issues

GnuTLS 3.0.5

With version 3.0.5, libgnutls-extra was removed from GnuTLS, so mod_gnutls fails to compile against GnuTLS versions newer than 3.0.4. However, mod_gnutls does not call any functions from libgnutls-extra; it only includes its header file, so it can easily be patched. The patch is already included in the PKGBUILD found in the AUR.

Connections from localhost

mod_gnutls 0.5.10 (the version currently found in the AUR) contains a bug that answers all connections from localhost in plain text. The bug was introduced in 0.5.10; previous versions do not show the problem. Do not use 0.5.10 when running an SSL/SSH multiplexer such as sslh, as it will break the HTTPS connection. The bug has already been resolved upstream and will be fixed in the next release.
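The following script is an added example (not from the ArchWiki page or the mod_gnutls project) that serves two passages: the "answers on port 443" check in Configure Apache, and the localhost plain-text bug above. It sends a minimal TLS ClientHello and classifies the reply, so a host hit by the 0.5.10 bug reports "plaintext-http" for localhost while a healthy server reports "tls". It assumes bash (for /dev/tcp), coreutils head/od/seq/timeout, and that www.example.org (the ServerName from the page's sample configuration) resolves to this host.

```shell
#!/bin/bash
# Added example, not from the ArchWiki page: check that httpd answers TLS on
# port 443, from localhost as well as via the host's public name.  A server
# with the mod_gnutls 0.5.10 bug answers localhost in plain text, so the
# ClientHello sent here comes back as an HTTP error instead of a ServerHello.

# classify_reply: read the first bytes of a server reply from stdin and print
#   tls             first byte is a TLS record type (0x14..0x17: ServerHello or alert)
#   plaintext-http  reply begins with "HTTP/" (server is not speaking TLS)
#   empty           nothing was read (server closed or never answered)
#   unknown         anything else
classify_reply() {
  local rd="head -c 5" hex
  command -v timeout >/dev/null 2>&1 && rd="timeout 5 $rd"   # do not hang on a silent server
  hex=$($rd 2>/dev/null | od -An -tx1 | tr -d ' \n')
  case "$hex" in
    "")              echo empty ;;
    14*|15*|16*|17*) echo tls ;;
    485454502f)      echo plaintext-http ;;   # ASCII "HTTP/"
    *)               echo unknown ;;
  esac
}

# client_hello: printf format string for a minimal TLS 1.0 ClientHello offering
# TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) and TLS_RSA_WITH_AES_256_CBC_SHA (0x0035).
# The 32 "random" bytes are a constructed placeholder (1..32), enough for a liveness probe.
client_hello() {
  local hello='\026\003\001\000\057'                    # record: handshake, TLS 1.0, 47 bytes
  hello="$hello"'\001\000\000\053\003\001'               # ClientHello, 43 bytes, version 3.1
  hello="$hello$(printf '\\%03o' $(seq 1 32))"            # client random (constructed)
  hello="$hello"'\000\000\004\000\057\000\065\001\000'    # no session id, 2 suites, null compression
  printf '%s' "$hello"
}

# probe_tls HOST [PORT]: open a TCP connection, send the ClientHello, classify the reply.
probe_tls() {
  local host=$1 port=${2:-443}
  exec 3<>"/dev/tcp/$host/$port" || { echo unreachable; return 1; }
  printf "$(client_hello)" >&3
  classify_reply <&3
  exec 3>&-
}

# Usage on the server itself; both should print "tls":
#   probe_tls localhost
#   probe_tls www.example.org   # the ServerName from the page's configuration
```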