Roger that, no xreflabels ;-). Attached is a log of the IRC conversation between Jamie and myself about the SSLOptions.
The highlights: +CompatEnvVars) should not be used: Syntax error on line 11 of /etc/apache2/sites-enabled/strandboge.com_ssl: SSLOptions: Illegal option 'CompatEnvVars' +StrictRequire) should definitely be there: it makes sure that when using SSLRequireSSL that access is forbidden (that is the intuitive use of SSLRequireSSL) +FakeBasicAuth) I am not sure FakeBasicAuth is a good default: it allows using a client cert instead of basic authentication if the client has a valid one that is not an intuitive use IMO and would be site-specific +ExportCertData) seems harmless enough-- exports ssl environment variables so cgi can access them it too seems site-specific so really, all can go with no problems, but I really think +StrictRequire should stay Also, here is a link to the Apache doc describing the options: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions ** Attachment added: "IRC log" http://launchpadlibrarian.net/11134790/jdstrand_apache_feedback -- mod_ssl should not use +CompatEnvVars https://bugs.launchpad.net/bugs/179959 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs