<VirtualHost *:${RENEGOTIATE_SERVER_PORT}>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	ServerName localhost

	ServerAdmin webmaster@localhost
	DocumentRoot ${APACHE_SERVER_ROOT}/www/html

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	#   SSL Engine Switch:
	#   Enable/Disable SSL for this virtual host.
	SSLEngine on

	SSLCertificateFile ${APACHE_CERT_DIR}/apache_server_cert.pem
	SSLCertificateKeyFile ${APACHE_CERT_DIR}/apache_server_key.pem

	#   Certificate Authority (CA):
	#   Set the CA certificate verification path where to find CA
	#   certificates for client authentication or alternatively one
	#   huge file containing all of them (file must be PEM encoded)
	#   Note: Inside SSLCACertificatePath you need hash symlinks
	#		 to point to the certificate files. Use the provided
	#		 Makefile to update the hash symlinks after changes.
	SSLCACertificateFile ${APACHE_CERT_DIR}/apache_client_cert.pem

	SSLProtocol -ALL +TLSv1.2
	SSLHonorCipherOrder On
	SSLCipherSuite HIGH:!aNULL:!MD5
	SSLCompression Off
	SSLInsecureRenegotiation Off

	Alias /change_cipher_suite ${APACHE_SERVER_ROOT}/www/change_cipher_suite
	<Directory ${APACHE_SERVER_ROOT}/www/change_cipher_suite>
		Require all granted
		SSLCipherSuite AES128-SHA
	</Directory>

	Alias /mutual_auth ${APACHE_SERVER_ROOT}/www/mutual_auth
	<Directory ${APACHE_SERVER_ROOT}/www/mutual_auth>
		Require all granted
		SSLVerifyClient require
		SSLVerifyDepth  10
	</Directory>

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet