4.4. Tuning the configuration

There are various additional things that we should probably add. A TLS "session cache" allows TLS sessions to be reused by subsequent connections. Apart from the efficiency gains, some versions of Microsoft Internet Explorer will not work if this is not enabled.

SSLSessionCache         shmcb:/var/lib/apache2/ssl_scache(512000)
SSLSessionCacheTimeout  600
SSLMutex default
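To confirm that the session cache is actually being used, we can count full and resumed handshakes in the output of `openssl s_client -reconnect`. The script below is an added example, not part of the original configuration; the function names and the abridged sample output are constructed for illustration, and the hostname passed to `check_server` is an assumption.

```shell
#!/bin/sh
# Count full vs. resumed handshakes in `openssl s_client -reconnect` output
# read from stdin. s_client prints a line beginning "New, " after a full
# handshake and "Reused, " after a resumed session.
count_handshakes() {
    awk '
        /^New, /    { full++ }
        /^Reused, / { reused++ }
        END { printf "full=%d reused=%d\n", full, reused }
    '
}

# With a working SSLSessionCache the first connection is a full handshake
# and the reconnects are resumed, so at least one "Reused" line must appear.
resumption_verdict() {
    summary=$(count_handshakes)
    reused=${summary##*reused=}
    if [ "$reused" -gt 0 ]; then
        echo "OK $summary"
    else
        echo "NO-RESUMPTION $summary"
    fi
}

# Live check (defined but not run here). -tls1_2 and -no_ticket make the
# resumption depend on the server-side cache rather than on session tickets.
check_server() {
    openssl s_client -connect "$1:443" -tls1_2 -no_ticket -reconnect \
        </dev/null 2>/dev/null | resumption_verdict
}

# Constructed, abridged sample: one full handshake, five resumed reconnects.
sample_working() {
    echo "New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256"
    for i in 1 2 3 4 5; do
        echo "drop connection and then reconnect"
        echo "Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256"
    done
}

# Constructed sample for a server with no usable cache: every handshake is full.
sample_broken() {
    for i in 1 2 3 4 5 6; do
        echo "New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256"
    done
}
```

Running `sample_working | resumption_verdict` exercises the parser offline; `check_server www.example.org` performs the same check against a live server.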

We should also indicate how Apache can access a source of randomness for its cryptographic operations. On most Unix systems we can use /dev/urandom (which will probably be the built-in default anyway); Windows Apache has little choice but to depend on the generator built into the OpenSSL routines. See the Apache documentation for all the possible arguments to the SSLRandomSeed directive.

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin