documentation rebuild

author Luca Toscano <elukey@apache.org>

Sat, 22 Sep 2018 14:54:00 +0000 (14:54 +0000)

committer Luca Toscano <elukey@apache.org>

Sat, 22 Sep 2018 14:54:00 +0000 (14:54 +0000)
author Luca Toscano <elukey@apache.org>
Sat, 22 Sep 2018 14:54:00 +0000 (14:54 +0000)
committer Luca Toscano <elukey@apache.org>
Sat, 22 Sep 2018 14:54:00 +0000 (14:54 +0000)
diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en

index 1d214fcfa376857541a3cdb3c048881ec6a632fe..e66c59a2de830cebbb19fed4b448012330b883e8 100644 (file)
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -740,7 +740,7 @@ key file.</p>
  <table class="directive">
  <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Cipher Suite available for negotiation in SSL
  handshake</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLCipherSuite <em>cipher-spec</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLCipherSuite [<em>protocol</em>] <em>cipher-spec</em></code></td></tr>
  <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLCipherSuite DEFAULT (depends on OpenSSL version)</code></td></tr>
  <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
  <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
@@ -750,12 +750,26 @@ handshake</td></tr>
  <p>
  This complex directive uses a colon-separated <em>cipher-spec</em> string
  consisting of OpenSSL cipher specifications to configure the Cipher Suite the
-client is permitted to negotiate in the SSL handshake phase. Notice that this
-directive can be used both in per-server and per-directory context. In
-per-server context it applies to the standard SSL handshake when a connection
+client is permitted to negotiate in the SSL handshake phase. The optional 
+protocol specifier can configure the Cipher Suite for a specific SSL version.
+Possible values include "SSL" for all SSL Protocols up to and including TLSv1.2.
+</p>
+<p>
+Notice that this
+directive can be used both in per-server and per-directory context. 
+In per-server context it applies to the standard SSL handshake when a connection
  is established. In per-directory context it forces a SSL renegotiation with the
  reconfigured Cipher Suite after the HTTP request was read but before the HTTP
-response is sent.</p>
+response is sent. (Since renegotiation is not</p>
+<p>
+If the SSL library supports TLSv1.3 (OpenSSL 1.1.1 and later), the protocol 
+specifier "TLSv1.3" can be used to configure the cipher suites for that protocol.
+Since TLSv1.3 does not offer renegotiations, specifying ciphers for it in
+a directory context is not allowed.</p>
+<p>
+For a list of TLSv1.3 cipher names, see 
+<a href="https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html">the OpenSSL
+documentation</a>.</p>
  <p>
  An SSL cipher specification in <em>cipher-spec</em> is composed of 4 major
  attributes plus a few extra minor ones:</p>
@@ -1494,6 +1508,11 @@ The available (case-insensitive) <em>protocol</em>s are:</p>
      A revision of the TLS 1.1 protocol, as defined in
      <a href="http://www.ietf.org/rfc/rfc5246.txt">RFC 5246</a>.</p></li>
  
+<li><code>TLSv1.3</code> (when using OpenSSL 1.1.1 and later)
+    <p>
+    A new version of the TLS protocol, as defined in
+    <a href="http://www.ietf.org/rfc/rfc8446.txt">RFC 8446</a>.</p></li>
+
  <li><code>all</code>
      <p>
      This is a shortcut for ``<code>+SSLv3 +TLSv1</code>'' or
@@ -1739,7 +1758,7 @@ improvements.
  <table class="directive">
  <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Cipher Suite available for negotiation in SSL
  proxy handshake</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyCipherSuite <em>cipher-spec</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyCipherSuite [<em>protocol</em>] <em>cipher-spec</em></code></td></tr>
  <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP</code></td></tr>
  <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr>
  <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml

index a5c45232db4b0586e8885ea43d383446f35e12c5..a539eeb606ae8905f13224f7bd336100d91178c1 100644 (file)
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -657,7 +657,7 @@ The available (case-insensitive) <em>protocol</em>s are:</p>
  <li><code>TLSv1.3</code> (when using OpenSSL 1.1.1 and later)
      <p>
      A new version of the TLS protocol, as defined in
-    <a href="https://github.com/tlswg/tls13-spec">RFC TBD</a>.</p></li>
+    <a href="http://www.ietf.org/rfc/rfc8446.txt">RFC 8446</a>.</p></li>
  
  <li><code>all</code>
      <p>
diff --git a/docs/manual/mod/mod_ssl.xml.fr b/docs/manual/mod/mod_ssl.xml.fr

index b3d2b4c0df9a470e022cf9caa274f2583d0f7483..c2ae3c6ceb5f6f3e0d72640308105355ebfd6e2d 100644 (file)
--- a/docs/manual/mod/mod_ssl.xml.fr
+++ b/docs/manual/mod/mod_ssl.xml.fr
@@ -1,7 +1,7 @@
  <?xml version="1.0" encoding="UTF-8" ?>
  <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
  <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1834089 -->
+<!-- English Revision: 1834089:1841685 (outdated) -->
  <!-- French translation : Lucien GENTIS -->
  <!-- Reviewed by : Vincent Deffontaines -->
  
diff --git a/docs/manual/mod/mod_ssl.xml.meta b/docs/manual/mod/mod_ssl.xml.meta

index 736a11a017e7f784109b76cc3ebb05ffc343c5f7..be20a51f56b17063a46801f8a65062b665eb436d 100644 (file)
--- a/docs/manual/mod/mod_ssl.xml.meta
+++ b/docs/manual/mod/mod_ssl.xml.meta
@@ -8,6 +8,6 @@
  
    <variants>
      <variant>en</variant>
-    <variant>fr</variant>
+    <variant outdated="yes">fr</variant>
    </variants>
  </metafile>
diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en

index 5a1cc1fa22c19dd2d5e1025caa76d4ea040ff54d..36887d4105e4f554eafdc2feeaf9f3d839db8507 100644 (file)
--- a/docs/manual/mod/quickreference.html.en
+++ b/docs/manual/mod/quickreference.html.en
@@ -1009,7 +1009,7 @@ Client Auth</td></tr>
  <tr class="odd"><td><a href="mod_ssl.html#sslcertificatechainfile">SSLCertificateChainFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of PEM-encoded Server CA Certificates</td></tr>
  <tr><td><a href="mod_ssl.html#sslcertificatefile">SSLCertificateFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Server PEM-encoded X.509 certificate data file</td></tr>
  <tr class="odd"><td><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Server PEM-encoded private key file</td></tr>
-<tr><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite <em>cipher-spec</em></a></td><td> DEFAULT (depends on +</td><td>svdh</td><td>E</td></tr><tr><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
+<tr><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite [<em>protocol</em>] <em>cipher-spec</em></a></td><td> DEFAULT (depends on +</td><td>svdh</td><td>E</td></tr><tr><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
  handshake</td></tr>
  <tr class="odd"><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable compression on the SSL level</td></tr>
  <tr><td><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice <em>engine</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable use of a cryptographic hardware accelerator</td></tr>
@@ -1047,7 +1047,7 @@ Remote Server Auth</td></tr>
  </td></tr>
  <tr><td><a href="mod_ssl.html#sslproxycheckpeername">SSLProxyCheckPeerName on|off</a></td><td> on </td><td>svp</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure host name checking for remote server certificates
  </td></tr>
-<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
+<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite [<em>protocol</em>] <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
  proxy handshake</td></tr>
  <tr><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine on|off</a></td><td> off </td><td>svp</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Proxy Engine Operation Switch</td></tr>
  <tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr>
author	Luca Toscano <elukey@apache.org>
	Sat, 22 Sep 2018 14:54:00 +0000 (14:54 +0000)
committer	Luca Toscano <elukey@apache.org>
	Sat, 22 Sep 2018 14:54:00 +0000 (14:54 +0000)
docs/manual/mod/mod_ssl.html.en		patch \| blob \| blame \| history
docs/manual/mod/mod_ssl.xml		patch \| blob \| blame \| history
docs/manual/mod/mod_ssl.xml.fr		patch \| blob \| blame \| history
docs/manual/mod/mod_ssl.xml.meta		patch \| blob \| blame \| history
docs/manual/mod/quickreference.html.en		patch \| blob \| blame \| history