Difference between revisions of "Mod gnutls"
m (Typo) |
Kynikos.bot (Talk | contribs) (Template:i18n is deprecated, use interlanguage links, see Help talk:I18n#"Dummy" interlanguage links and deprecation of Template:i18n) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{DISPLAYTITLE:mod_gnutls}} | {{DISPLAYTITLE:mod_gnutls}} | ||
| − | [[Category:Web Server | + | [[Category:Web Server]] |
| − | + | ||
| − | + | ||
{{Article summary start}} | {{Article summary start}} | ||
{{Article summary text|An introduction to [http://modgnutls.sourceforge.net/ mod_gnutls], covering installation and basic configuration of the Apache module.}} | {{Article summary text|An introduction to [http://modgnutls.sourceforge.net/ mod_gnutls], covering installation and basic configuration of the Apache module.}} | ||
Revision as of 16:14, 13 June 2012
Template:Article summary start Template:Article summary text Template:Article summary end
From mod_gnutls - Apache SSL/TLS module using GnuTLS library:
- mod_gnutls uses the GnuTLS library to provide SSL 3.0, TLS 1.0, TLS 1.1 and 1.2 encryption for Apache HTTPD. It is similar to mod_ssl in purpose, but does not use OpenSSL.
Contents
Installation
Install package
Install mod_gnutlsAUR, available in the Arch User Repository.
Configure Apache
- Add these lines to
/etc/httpd/conf/httpd.conf:
LoadModule gnutls_module modules/mod_gnutls.so Include conf/extra/httpd-gnutls.conf
- Make sure that the following line is commented in
/etc/httpd/conf/httpd.conf:
Include conf/extra/httpd-ssl.conf
- Create the file
/etc/httpd/conf/extra/httpd-gnutls.confwith the following content:
/etc/httpd/conf/extra/httpd-gnutls.conf
Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl GnuTLSCache dbm "/var/run/httpd/gnutls_scache" GnuTLSCacheTimeout 600 <VirtualHost _default_:443> DocumentRoot "/srv/http" ServerName www.example.org ServerAdmin youremail@example.org ErrorLog "/var/log/httpd/error_log" TransferLog "/var/log/httpd/access_log" GnuTLSEnable on GnuTLSPriorities NORMAL GNUTLSExportCertificates on GnuTLSCertificateFile /path/to/certificate/domain.tld.crt GnuTLSKeyFile /path/to/certificate/domain.tld.key </VirtualHost>
- Restart httpd (see Daemon).
- Check that Apache loaded correctly and answers on port 443.
Known issues
GnuTLS 3.0.5
With version 3.0.5 libgnutls-extra was removed from GnuTLS. Therefore mod_gnutls fails to compile with GnuTLS versions higher than 3.0.4. But it does not use any functions of libgnutls-extra, it only includes its header file. Therefore it can easily be patched. The patch is already included in the PKGBUILD found in the AUR.
Connections from localhost
mod_gnutls 0.5.10 (the version currently found in AUR) contains a bug that answers all connections from localhost in plain text. The bug was introduced in 0.5.10, previous versions do not show the problem. Please do not use 0.5.10 when running some kind of SSL/SSH multiplexer like sslh as it will break the HTTPS connection. The bug has already been resolved and will be fixed in the next release.