Skip to content

SSL Session Cache can't be in virtualhost #264

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ObjectifMars opened this issue Mar 1, 2021 · 2 comments · Fixed by #270
Closed

SSL Session Cache can't be in virtualhost #264

ObjectifMars opened this issue Mar 1, 2021 · 2 comments · Fixed by #270
Labels
bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed

Comments

@ObjectifMars
Copy link

ObjectifMars commented Mar 1, 2021
edited by LeoColomb
Loading

The following problem is into the last release 4.1.0 and into the master branche.

The configuration for SSL Session cache is put into the file h5bp\ssl\ssl_engine.conf, this configuration is put by default into the template for a SSL VirtualHost vhosts\templates\example.com.conf and vhosts\.000-default.conf.

server-configs-apache/h5bp/ssl/ssl_engine.conf

Lines 29 to 32 in 3c7db53

<IfModule mod_socache_shmcb.c>
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_gcache_data(10485760)"
SSLSessionCacheTimeout 86400
</IfModule>

When installing the module mod_socache_shmcb.so into httpd.conf on a Apache container (httpd:2.4.46), I have this error message and the server stop :

AH00526: Syntax error on line 30 of /usr/local/apache2/h5bp/ssl/ssl_engine.conf:
SSLSessionCache cannot occur within <VirtualHost> section

I think the solution is :

  1. ever the ssl_engine.conf need to be include directly into httpd.conf or the directives need to be splited into 2 files one to be included into httpd.conf (with the cache SSL configuration), the other with the remaining lines into the vhosts. I think the first option is enough : it's the minimal configuration of the SSL module so it can be included into httpd.conf.
  2. Add into httpd.conf : LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
@LeoColomb
Copy link
Member

Thanks for opening this issue @ObjectifMars!
That's a really good catch, I'm curious why it hasn't been spotted before.

Anyway, I'd say the best option is to extract block checking presence of shmcb mod into httpd.conf.

Would you like to open a pull request?

@ObjectifMars
Copy link
Author

I will try to create a pull request, it will be a first simple enough.

@LeoColomb LeoColomb added bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed labels Mar 11, 2021
LeoColomb added a commit that referenced this issue Jun 14, 2021
@LeoColomb
Move SSLSessionCache directives outside of virtual host
a19baba 
Closes #264
@LeoColomb LeoColomb mentioned this issue Jun 14, 2021
Merged
LeoColomb added a commit that referenced this issue Jun 14, 2021
@LeoColomb
Move SSLSessionCache directives outside of virtual host
64e33e8 
Closes #264
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Modernize TLS configuration h5bp/server-configs-apache
2 participants
@ObjectifMars @LeoColomb