Web Server Management: Securing Access to Web Servers
Chapter 4. Configuring Apache to support TLS
There are various additional things that we should probably add. A TLS "session cache" allows TLS sessions to be reused by subsequent connections. Apart from the efficiency gains, some versions of Microsoft Internet Explorer will not work if this is not enabled.
    SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
    SSLSessionCacheTimeout 600
    SSLMutex default
We should also indicate how Apache can access a source of randomness for its cryptographic operations. On most Unix systems we can use /dev/urandom (which will probably be the built-in default anyway); Windows Apache has little choice but to depend on the generator built into the OpenSSL routines. See the Apache documentation for all the possible arguments to the SSLRandomSeed directive.
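The following check is an added example, not part of the original chapter: it scans a configuration for the session-cache and random-seed settings discussed above and reports what is missing or weak. The function names, the sample configuration and the rule that a Unix host should not rely on `builtin` alone are assumptions made for illustration.

```python
# Constructed sample configuration (not from the original page).
SAMPLE_CONF = """\
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
SSLSessionCacheTimeout 600
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
"""

def parse_directives(text):
    """Return (lowercased name, [args]) for each plain directive line."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and <Section> open/close lines.
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split()
        out.append((parts[0].lower(), parts[1:]))
    return out

def audit_tls_extras(text, unix=True):
    """List findings for the session cache and the randomness source."""
    findings = []
    directives = parse_directives(text)
    caches = [a for n, a in directives if n == "sslsessioncache" and a]
    if not caches:
        findings.append("SSLSessionCache: no session cache configured")
    elif caches[-1][0].lower() in ("none", "nonenotnull"):
        findings.append("SSLSessionCache disabled")
    # Collect the seed sources per context (startup / connect).
    seeds = {}
    for n, a in directives:
        if n == "sslrandomseed" and len(a) >= 2:
            seeds.setdefault(a[0].lower(), []).append(a[1])
    for ctx in ("startup", "connect"):
        sources = seeds.get(ctx)
        if not sources:
            findings.append(f"SSLRandomSeed {ctx} not set explicitly")
        elif unix and all(s.lower() == "builtin" for s in sources):
            # Assumed policy: on Unix, prefer the kernel source over builtin.
            findings.append(f"SSLRandomSeed {ctx} uses only builtin; "
                            "/dev/urandom is available on Unix")
    return findings

if __name__ == "__main__":
    for finding in audit_tls_extras(SAMPLE_CONF):
        print(finding)
```

Pass `unix=False` when auditing a Windows configuration, where `builtin` is the expected source.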