Move SSLSessionCache directives outside of virtual host

Closes #264
h5bp · Jun 14, 2021 · 64e33e8 · 64e33e8
1 parent 55c364d
commit 64e33e8
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 11 deletions.
diff --git a/h5bp/tls/ssl_engine.conf b/h5bp/tls/ssl_engine.conf
@@ -9,11 +9,6 @@
 # (2) Improve SSL engine security and performance.
 #
 #     https://httpd.apache.org/docs/current/mod/mod_ssl.html
-#
-# (3) Optimize SSL by caching session parameters.
-#     This cuts down on the number of expensive SSL handshakes.
-#     By enabling a cache, we tell the client to re-use the already
-#     negotiated state.
 
 <IfModule mod_ssl.c>
 
@@ -25,10 +20,4 @@
     SSLCompression Off
     SSLSessionTickets Off
 
-    # (3)
-    <IfModule mod_socache_shmcb.c>
-        SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_gcache_data(10485760)"
-        SSLSessionCacheTimeout 86400
-    </IfModule>
-
 </IfModule>
diff --git a/httpd.conf b/httpd.conf
@@ -78,6 +78,18 @@ LogLevel warn
     CustomLog logs/access.log combined
 </IfModule>
 
+# Optimize TLS by caching session parameters.
+# By enabling a cache, we tell the client to re-use the already negotiated
+# state. This cuts down on the number of expensive TLS handshakes.
+# https://httpd.apache.org/docs/current/mod/mod_socache_shmcb.html
+<IfModule mod_socache_shmcb.c>
+    # https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLSessionCache
+    SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_gcache_data(10485760)"
+
+    # https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslsessioncachetimeout
+    SSLSessionCacheTimeout 86400
+</IfModule>
+
 # Prevent Apache from sending its version number, the description of the
 # generic OS-type or information about its compiled-in modules in the "Server"
 # response header.