From 71a047ad15882859c14c9f3d2d5e92f9e4f8446f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?=
Date: Mon, 8 Nov 2021 16:26:13 +0100
Subject: [PATCH] Resolves: #2005416 - httpd default configuration changes
---
 httpd.conf | 6 ++++--
 httpd.spec | 5 ++++-
 ssl.conf | 18 +-----------------
 3 files changed, 9 insertions(+), 20 deletions(-)
diff --git a/httpd.conf b/httpd.conf
index 6ab68cb..609b2e2 100644
--- a/httpd.conf
+++ b/httpd.conf
@@ -38,8 +38,10 @@ ServerRoot "/etc/httpd"
 # ports, instead of the default. See also the
 # directive.
 #
-# Change this to Listen on specific IP addresses as shown below to
-# prevent Apache from glomming onto all bound IP addresses.
+# Change this to Listen on a specific IP address, but note that if
+# httpd.service is enabled to run at boot time, the address may not be
+# available when the service starts. See the httpd.service(8) man
+# page for more information.
 #
 #Listen 12.34.56.78:80
 Listen 80
diff --git a/httpd.spec b/httpd.spec
index 3d23209..225795b 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.51
-Release: 1%{?dist}
+Release: 2%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -807,6 +807,9 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 %changelog
+* Mon Nov 08 2021 Luboš Uhliarik - 2.4.51-2
+- Resolves: #2005416 - httpd default configuration changes
+
 * Tue Oct 19 2021 Luboš Uhliarik - 2.4.51-1
 - new version 2.4.51 (#2011090)
diff --git a/ssl.conf b/ssl.conf
index 373b9e5..d28adf3 100644
--- a/ssl.conf
+++ b/ssl.conf
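Review bot: The rewritten comment above `Listen 80` in the httpd.conf hunk no longer says what the default does. The removed wording told the reader that an unqualified Listen takes every address bound on the host, while the new wording only covers the boot-ordering caveat. An operator deciding whether to narrow the server's exposure needs both facts, so I would keep one line ahead of the new text, for example `# With no address given, httpd listens on all local addresses.`. The comment block this belongs to starts above the hunk.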
@@ -23,22 +23,6 @@ SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
 SSLSessionCache shmcb:/run/httpd/sslcache(512000)
 SSLSessionCacheTimeout 300
-# Pseudo Random Number Generator (PRNG):
-# Configure one or more sources to seed the PRNG of the
-# SSL library. The seed data should be of good random quality.
-# WARNING! On some platforms /dev/random blocks if not enough entropy
-# is available. This means you then cannot use the /dev/random device
-# because it would lead to very long connection times (as long as
-# it requires to make more entropy available). But usually those
-# platforms additionally provide a /dev/urandom device which doesn't
-# block. So, if available, use this one instead. Read the mod_ssl User
-# Manual for more details.
-SSLRandomSeed startup file:/dev/urandom 256
-SSLRandomSeed connect builtin
-#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
-
 #
 # Use "SSLCryptoDevice" to enable any supported hardware
 # accelerators. Use "openssl engine -v" to list supported
@@ -70,7 +54,7 @@ LogLevel warn
 SSLEngine on
 # List the protocol versions which clients are allowed to connect with.
-# The OpenSSL system profile is configured by default. See
+# The OpenSSL system profile is used by default. See
 # update-crypto-policies(8) for more details.
 #SSLProtocol all -SSLv3
 #SSLProxyProtocol all -SSLv3
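Review bot: The first ssl.conf hunk removes both active `SSLRandomSeed` directives together with their explanatory comment, and neither the commit subject nor the new changelog entry says why. After this change the packaged default leaves PRNG seeding to whatever mod_ssl and the SSL library do when no `SSLRandomSeed` is configured. That is presumably intended, since current OpenSSL releases seed themselves from the operating system, but this should be confirmed and recorded where an administrator or auditor comparing the old and new ssl.conf will find it. I would add a changelog line such as `- ssl.conf: drop SSLRandomSeed defaults, PRNG seeding is left to OpenSSL`, or a one-line comment in ssl.conf where the removed block was.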