From 3f0c72457c4b0d3376a67933feef0369026e628e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?=
Date: Mon, 12 Aug 2024 14:14:08 +0200
Subject: [PATCH] Resolves: RHEL-50031 - httpd default config changes
---
 httpd.spec | 5 ++++-
 ssl.conf | 18 +-----------------
 2 files changed, 5 insertions(+), 18 deletions(-)
diff --git a/httpd.spec b/httpd.spec
index b8acc3b..3f1a4de 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -25,7 +25,7 @@ Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.62
-Release: 3%{?dist}
+Release: 4%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -831,6 +831,9 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 %changelog
+* Mon Aug 12 2024 Luboš Uhliarik - 2.4.62-4
+- Resolves: RHEL-50031 - httpd default config changes
+
 * Thu Aug 08 2024 Luboš Uhliarik - 2.4.62-3
 - Resolves: RHEL-53632 - RFE: httpd, add IP_FREEBIND support for Listen
 - Resolves: RHEL-53722 - [RFE] ProxyWebsocketIdleTimeout from
diff --git a/ssl.conf b/ssl.conf
index 373b9e5..d28adf3 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -23,22 +23,6 @@ SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
 SSLSessionCache shmcb:/run/httpd/sslcache(512000)
 SSLSessionCacheTimeout 300
-# Pseudo Random Number Generator (PRNG):
-# Configure one or more sources to seed the PRNG of the
-# SSL library. The seed data should be of good random quality.
-# WARNING! On some platforms /dev/random blocks if not enough entropy
-# is available. This means you then cannot use the /dev/random device
-# because it would lead to very long connection times (as long as
-# it requires to make more entropy available). But usually those
-# platforms additionally provide a /dev/urandom device which doesn't
-# block. So, if available, use this one instead. Read the mod_ssl User
-# Manual for more details.
-SSLRandomSeed startup file:/dev/urandom 256
-SSLRandomSeed connect builtin
-#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
-
 #
 # Use "SSLCryptoDevice" to enable any supported hardware
 # accelerators. Use "openssl engine -v" to list supported
@@ -70,7 +54,7 @@ LogLevel warn
 SSLEngine on
 # List the protocol versions which clients are allowed to connect with.
-# The OpenSSL system profile is configured by default. See
+# The OpenSSL system profile is used by default. See
 # update-crypto-policies(8) for more details.
 #SSLProtocol all -SSLv3
 #SSLProxyProtocol all -SSLv3