From: Joe Orton Date: Tue, 4 Jan 2022 08:38:32 +0000 (+0000) Subject: Recommend against using SSLOpenSSLConfCmd in preference to mod_ssl X-Git-Tag: 2.5.0-alpha2-ci-test-only~602 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=238789798392c44f24304ade592e1a6a83f287f2;p=thirdparty%2Fapache%2Fhttpd.git Recommend against using SSLOpenSSLConfCmd in preference to mod_ssl directives, and add warning on stability/compatibility. (e.g. PR: 65764) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1896664 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 8168c1738e7..e196e6e2fd8 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -2946,13 +2946,6 @@ depends on the OpenSSL version being used for mod_ssl names, see the section Supported configuration file commands in the SSL_CONF_cmd(3) manual page for OpenSSL.

-

Some of the SSLOpenSSLConfCmd commands can be used -as an alternative to existing directives (such as -SSLCipherSuite or -SSLProtocol), -though it should be noted that the syntax / allowable values for the parameters -may sometimes differ.

- Examples SSLOpenSSLConfCmd Options -SessionTicket,ServerPreference @@ -2962,6 +2955,23 @@ SSLOpenSSLConfCmd Protocol "-ALL, TLSv1.2" SSLOpenSSLConfCmd SignatureAlgorithms RSA+SHA384:ECDSA+SHA256 + +Compatibility and Stability +warning + +

Some of the SSLOpenSSLConfCmd commands can be used +as an alternative to existing directives (such as +SSLCipherSuite or +SSLProtocol), +though the syntax / allowable values for the parameters may sometimes differ.

+ +

It is recommended that directives provided by mod_ssl are used +where available to configure OpenSSL, and +SSLOpenSSLConfCmd is only used for features of +OpenSSL which are not configurable by mod_ssl. It is possible that +mod_ssl behaviour will change across versions of httpd where +SSLOpenSSLConfCmd is used.

+
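Review bot: the first hunk (@@ -2946,13 +2946,6) removes the caveat about differing syntax from above the Examples block, so the examples now follow the SSL_CONF_cmd(3) reference with nothing cautionary ahead of them. An administrator who copies the example lines may never reach the warning that the second hunk places after them. Consider putting the new note before Examples, or keeping a one-sentence pointer to it in the old position.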
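Review bot: in the second hunk (@@ -2962,6 +2955,23), the retained example `SSLOpenSSLConfCmd Protocol "-ALL, TLSv1.2"` configures something the new note says should be set with SSLProtocol, so the page still demonstrates the usage it now recommends against. Suggest replacing that example with one for a feature mod_ssl has no directive for, or saying next to it that SSLProtocol is preferred. The closing sentence, "It is possible that mod_ssl behaviour will change across versions of httpd where SSLOpenSSLConfCmd is used", also gives the reader nothing to act on. It would help to say what happens when both an SSLOpenSSLConfCmd command and the equivalent mod_ssl directive are present, and to advise re-checking the negotiated protocol versions and cipher suites after an httpd or OpenSSL upgrade.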