t/conf/http2.conf.in - httpd-tests - Git at Google

 ##
 ## mod_http2 test config
 ##

 <IfDefine APACHE2>
     <IfModule http2_module>

         LogLevel http2:debug

         <VirtualHost h2c>
             Protocols h2c http/1.1

             <IfModule @CGI_MODULE@>
                 <Directory @SERVERROOT@/htdocs/modules/h2>
                     Options +ExecCGI
                     AddHandler cgi-script .pl

                 </Directory>
             </IfModule>

             <Location /modules/h2/hello.pl>
             </Location>
             <IfModule mod_rewrite.c>
                 RewriteEngine on
                 RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC]
             </IfModule>

         </VirtualHost>

         <IfModule @ssl_module@>

         <VirtualHost @SERVERNAME@:h2>
                 Protocols h2 http/1.1
                 H2Direct on

                 SSLEngine on
                 SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
                 SSLCACertificatePath @ServerRoot@/conf/ssl
                 SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
                 SSLCARevocationCheck chain

                 # taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
                 #
                 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
                 SSLProtocol All -SSLv2 -SSLv3
                 SSLOptions +StdEnvVars

                 <IfVersion >= 2.4.18>
                     # need this off as long as we ran on old openssl
                     H2ModernTLSOnly off
                 </IfVersion>

                 <IfModule @CGI_MODULE@>
                     <Directory @SERVERROOT@/htdocs/modules/h2>
                         Options +ExecCGI
                         AddHandler cgi-script .pl
                     </Directory>
                 </IfModule>

                 <Location /modules/h2/hello.pl>
                 </Location>
                 <IfModule mod_rewrite.c>
                     RewriteEngine on
                     RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC]
                 </IfModule>

             </VirtualHost>

             <VirtualHost noh2.example.org:h2>
                 Protocols http/1.1
                 H2Direct off
             </VirtualHost>

             <VirtualHost test.example.org:h2>
                 Protocols h2 http/1.1
                 H2Direct on

                 SSLEngine on
                 SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
                 SSLCACertificatePath @ServerRoot@/conf/ssl
                 SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
                 SSLCARevocationCheck chain

                 # taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
                 #
                 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
                 SSLProtocol All -SSLv2 -SSLv3
                 SSLOptions +StdEnvVars

             </VirtualHost>

             <VirtualHost test2.example.org:h2>
                 Protocols http/1.1 h2
                 H2Direct on
             </VirtualHost>

             <VirtualHost test-ser.example.org:h2>
             </VirtualHost>

         </ifModule>

     </IfModule>

 </IfDefine>
	##
	## mod_http2 test config
	##

	<IfDefine APACHE2>
	<IfModule http2_module>

	LogLevel http2:debug

	<VirtualHost h2c>
	Protocols h2c http/1.1

	<IfModule @CGI_MODULE@>
	<Directory @SERVERROOT@/htdocs/modules/h2>
	Options +ExecCGI
	AddHandler cgi-script .pl

	</Directory>
	</IfModule>

	<Location /modules/h2/hello.pl>
	</Location>
	<IfModule mod_rewrite.c>
	RewriteEngine on
	RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC]
	</IfModule>

	</VirtualHost>

	<IfModule @ssl_module@>

	<VirtualHost @SERVERNAME@:h2>
	Protocols h2 http/1.1
	H2Direct on

	SSLEngine on
	SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
	SSLCACertificatePath @ServerRoot@/conf/ssl
	SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
	SSLCARevocationCheck chain

	# taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
	#
	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
	SSLProtocol All -SSLv2 -SSLv3
	SSLOptions +StdEnvVars

	<IfVersion >= 2.4.18>
	# need this off as long as we ran on old openssl
	H2ModernTLSOnly off
	</IfVersion>

	<IfModule @CGI_MODULE@>
	<Directory @SERVERROOT@/htdocs/modules/h2>
	Options +ExecCGI
	AddHandler cgi-script .pl
	</Directory>
	</IfModule>

	<Location /modules/h2/hello.pl>
	</Location>
	<IfModule mod_rewrite.c>
	RewriteEngine on
	RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC]
	</IfModule>

	</VirtualHost>

	<VirtualHost noh2.example.org:h2>
	Protocols http/1.1
	H2Direct off
	</VirtualHost>

	<VirtualHost test.example.org:h2>
	Protocols h2 http/1.1
	H2Direct on

	SSLEngine on
	SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
	SSLCACertificatePath @ServerRoot@/conf/ssl
	SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
	SSLCARevocationCheck chain

	# taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
	#
	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
	SSLProtocol All -SSLv2 -SSLv3
	SSLOptions +StdEnvVars

	</VirtualHost>

	<VirtualHost test2.example.org:h2>
	Protocols http/1.1 h2
	H2Direct on
	</VirtualHost>

	<VirtualHost test-ser.example.org:h2>
	</VirtualHost>

	</ifModule>

	</IfModule>

	</IfDefine>