188.8.131.52.2. The mod_ssl Module
The configuration for mod_ssl has been moved from the httpd.conf file into the /etc/httpd/conf.d/ssl.conf file. For this file to be loaded, and for mod_ssl to work, the statement Include conf.d/*.conf must be in the httpd.conf file as described in Section 184.108.40.206.3, “Dynamic Shared Object (DSO) Support”.
ServerName directives in SSL virtual hosts must explicitly specify the port number.
For example, the following is a sample Apache HTTP Server 1.3 directive:
<VirtualHost _default_:443>
    # General setup for the virtual host
    ServerName ssl.example.name
    ...
</VirtualHost>
To migrate this setting to Apache HTTP Server 2.0, use the following structure:
<VirtualHost _default_:443>
    # General setup for the virtual host
    ServerName ssl.host.name:443
</VirtualHost>
It is also important to note that both the SSLLog and SSLLogLevel directives have been removed. The mod_ssl module now obeys the ErrorLog and LogLevel directives. Refer to ErrorLog and LogLevel for more information about these directives.
For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
Due to the vulnerability described in POODLE: SSLv3 vulnerability (CVE-2014-3566), Red Hat recommends disabling SSL and using only TLSv1.2. Backwards compatibility can be achieved using TLSv1.0. Many products Red Hat supports have the ability to use SSLv3 protocols, or enable them by default. However, the use of SSLv3 is now strongly recommended against.
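The following Python script is an added example, not part of the original documentation. It checks ssl.conf-style text for the three points this section raises: ServerName without a port in an SSL virtual host, the removed SSLLog and SSLLogLevel directives, and an SSLProtocol line that leaves SSLv3 enabled. The function names, the sample file, the expansion of "all", and treating port 443 as the SSL virtual host are assumptions made for illustration.

```python
import re

REMOVED = {"ssllog", "sslloglevel"}  # directives dropped in Apache HTTP Server 2.0
# Assumption: what "all" expands to; the real set depends on the httpd/OpenSSL build.
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def enabled_protocols(tokens):
    """Evaluate SSLProtocol arguments: +X adds, -X removes, a bare X replaces."""
    enabled = set()
    for tok in tokens:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = set(ALL) if name.lower() == "all" else {name.lower()}
        base = enabled if sign else set()  # a bare token starts from an empty set
        enabled = base - group if sign == "-" else base | group
    return enabled

def audit(conf_text):
    """Return (line_number, message) findings for ssl.conf-style text."""
    findings, ssl_vhost = [], False
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        vhost = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if vhost or line.lower().startswith("</virtualhost"):
            # Assumption: a virtual host bound to port 443 is the SSL one.
            ssl_vhost = bool(vhost) and vhost.group(1).strip().endswith(":443")
            continue
        name, *args = line.split()
        key = name.lower()
        if key in REMOVED:
            findings.append((n, f"{name} was removed; use ErrorLog/LogLevel"))
        elif key == "servername" and ssl_vhost and args and not re.search(r":\d+$", args[0]):
            findings.append((n, "ServerName in SSL virtual host lacks a port"))
        elif key == "sslprotocol":
            weak = sorted(p for p in enabled_protocols(args) if p.startswith("sslv"))
            if weak:
                findings.append((n, "SSLProtocol enables " + ", ".join(weak)))
    return findings

# Constructed sample: a 1.3-style virtual host carried over unchanged.
LEGACY = """<VirtualHost _default_:443>
ServerName ssl.example.name
SSLLog logs/ssl_engine_log
SSLLogLevel warn
SSLProtocol all -SSLv2
</VirtualHost>"""

if __name__ == "__main__":
    print(*audit(LEGACY), sep="\n")
```

A file that passes cleanly would set ServerName ssl.host.name:443 and restrict protocols with a line such as SSLProtocol -all +TLSv1.2, provided the installed httpd and OpenSSL builds support that protocol.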