diff --git a/slapos/recipe/apache_zope_backend/__init__.py b/slapos/recipe/apache_zope_backend/__init__.py index 24bca43699f56e985f0248a3c4f0a124bbd3f7dd..1aebe51dea9c389d8f8dc23656aaed88dafd119a 100644 --- a/slapos/recipe/apache_zope_backend/__init__.py +++ b/slapos/recipe/apache_zope_backend/__init__.py @@ -46,6 +46,7 @@ class Recipe(GenericBaseRecipe): required_path_list = [key, certificate] apache_conf['key'] = key apache_conf['certificate'] = certificate + apache_conf['ssl_session_cache'] = self.options['ssl-session-cache'] apache_conf['ssl_snippet'] = pkg_resources.resource_string(__name__, 'template/snippet.ssl.in') % apache_conf else: diff --git a/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in b/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in index 346629141e98b14f4e6c7a85ddece88679e118d4..de105b054f28e6a4e5445dfd45166dbb483fbb51 100644 --- a/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in +++ b/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in @@ -11,6 +11,7 @@ LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule ssl_module modules/mod_ssl.so LoadModule mime_module modules/mod_mime.so LoadModule dav_module modules/mod_dav.so diff --git a/slapos/recipe/apache_zope_backend/template/snippet.ssl.in b/slapos/recipe/apache_zope_backend/template/snippet.ssl.in index a9ad75f86b7f52f0ee08f87c96149db2952c831c..0b9f8b357c002b1ef58a48807f760936707a38f6 100644 --- a/slapos/recipe/apache_zope_backend/template/snippet.ssl.in +++ b/slapos/recipe/apache_zope_backend/template/snippet.ssl.in @@ -8,5 +8,5 @@ SSLRandomSeed connect builtin SSLProtocol -ALL +SSLv3 +TLSv1 SSLHonorCipherOrder On SSLCipherSuite RC4-SHA:HIGH:!ADH - +SSLSessionCache shmcb:%(ssl_session_cache)s(512000) SSLProxyEngine On diff --git a/slapos/recipe/davstorage/template/httpd.conf.in b/slapos/recipe/davstorage/template/httpd.conf.in index f313c446cecbeb5bd964ee7e39f217350352586c..9fdea7ade783da6be7be6fc5420faa98d28d9563 100644 --- a/slapos/recipe/davstorage/template/httpd.conf.in +++ b/slapos/recipe/davstorage/template/httpd.conf.in @@ -14,6 +14,7 @@ LoadModule auth_digest_module "%(modules_dir)s/mod_auth_digest.so" LoadModule log_config_module "%(modules_dir)s/mod_log_config.so" LoadModule headers_module "%(modules_dir)s/mod_headers.so" LoadModule setenvif_module "%(modules_dir)s/mod_setenvif.so" +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule ssl_module "%(modules_dir)s/mod_ssl.so" LoadModule mime_module "%(modules_dir)s/mod_mime.so" LoadModule dav_module "%(modules_dir)s/mod_dav.so" diff --git a/slapos/recipe/erp5/template/apache.zope.conf.in b/slapos/recipe/erp5/template/apache.zope.conf.in index 79595dc0c228a45ba1f7744c834f6b1b7a257d24..973cd992f727630f7a0b44c0ae759e70699f7bb0 100644 --- a/slapos/recipe/erp5/template/apache.zope.conf.in +++ b/slapos/recipe/erp5/template/apache.zope.conf.in @@ -11,6 +11,7 @@ LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule ssl_module modules/mod_ssl.so LoadModule mime_module modules/mod_mime.so LoadModule dav_module modules/mod_dav.so diff --git a/software/erp5/snippet-backend.cfg b/software/erp5/snippet-backend.cfg index 3ffa697d06b350ca6a0a990004ac61522e311761..54cca16c4bae6d2b3a6e12d9b474b7c07646a181 100644 --- a/software/erp5/snippet-backend.cfg +++ b/software/erp5/snippet-backend.cfg @@ -26,6 +26,7 @@ configuration-file = $${directory:apache-conf}/apache-%(backend_name)s.conf access-control-string = %(access_control_string)s pid-file = $${basedirectory:run}/apache-%(backend_name)s.pid lock-file = $${basedirectory:run}/apache-%(backend_name)s.lock +ssl-session-cache = $${basedirectory:log}/apache-ssl-session-cache error-log = $${basedirectory:log}/apache-%(backend_name)s-error.log access-log = $${basedirectory:log}/apache-%(backend_name)s-access.log apache-binary = ${apache:location}/bin/httpd