From e74d8d5623dcb7d9356fc982af33b7eee6ae229e Mon Sep 17 00:00:00 2001 From: Luca Toscano Date: Sat, 22 Sep 2018 14:54:00 +0000 Subject: [PATCH] documentation rebuild git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1841686 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_ssl.html.en | 31 +++++++++++++++++++++----- docs/manual/mod/mod_ssl.xml | 2 +- docs/manual/mod/mod_ssl.xml.fr | 2 +- docs/manual/mod/mod_ssl.xml.meta | 2 +- docs/manual/mod/quickreference.html.en | 4 ++-- 5 files changed, 30 insertions(+), 11 deletions(-) diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index 1d214fcfa37..e66c59a2de8 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -740,7 +740,7 @@ key file.

- + @@ -750,12 +750,26 @@ handshake

This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the -client is permitted to negotiate in the SSL handshake phase. Notice that this -directive can be used both in per-server and per-directory context. In -per-server context it applies to the standard SSL handshake when a connection +client is permitted to negotiate in the SSL handshake phase. The optional +protocol specifier can configure the Cipher Suite for a specific SSL version. +Possible values include "SSL" for all SSL Protocols up to and including TLSv1.2. +

+

+Notice that this +directive can be used both in per-server and per-directory context. +In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP -response is sent.

+response is sent. (Since renegotiation is not

+

+If the SSL library supports TLSv1.3 (OpenSSL 1.1.1 and later), the protocol +specifier "TLSv1.3" can be used to configure the cipher suites for that protocol. +Since TLSv1.3 does not offer renegotiations, specifying ciphers for it in +a directory context is not allowed.

+

+For a list of TLSv1.3 cipher names, see +the OpenSSL +documentation.

An SSL cipher specification in cipher-spec is composed of 4 major attributes plus a few extra minor ones:

@@ -1494,6 +1508,11 @@ The available (case-insensitive) protocols are:

A revision of the TLS 1.1 protocol, as defined in RFC 5246.

+
  • TLSv1.3 (when using OpenSSL 1.1.1 and later) +

    + A new version of the TLS protocol, as defined in + RFC 8446.

    • +
  • all

    This is a shortcut for ``+SSLv3 +TLSv1'' or @@ -1739,7 +1758,7 @@ improvements.

    • Description:Cipher Suite available for negotiation in SSL handshake
    Syntax:SSLCipherSuite cipher-spec
    Syntax:SSLCipherSuite [protocol] cipher-spec
    Default:SSLCipherSuite DEFAULT (depends on OpenSSL version)
    Context:server config, virtual host, directory, .htaccess
    Override:AuthConfig
    - + diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index a5c45232db4..a539eeb606a 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -657,7 +657,7 @@ The available (case-insensitive) protocols are:

  • TLSv1.3 (when using OpenSSL 1.1.1 and later)

    A new version of the TLS protocol, as defined in - RFC TBD.

    • + RFC 8446.

  • all

    diff --git a/docs/manual/mod/mod_ssl.xml.fr b/docs/manual/mod/mod_ssl.xml.fr index b3d2b4c0df9..c2ae3c6ceb5 100644 --- a/docs/manual/mod/mod_ssl.xml.fr +++ b/docs/manual/mod/mod_ssl.xml.fr @@ -1,7 +1,7 @@ - + diff --git a/docs/manual/mod/mod_ssl.xml.meta b/docs/manual/mod/mod_ssl.xml.meta index 736a11a017e..be20a51f56b 100644 --- a/docs/manual/mod/mod_ssl.xml.meta +++ b/docs/manual/mod/mod_ssl.xml.meta @@ -8,6 +8,6 @@ en - fr + fr diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en index 5a1cc1fa22c..36887d4105e 100644 --- a/docs/manual/mod/quickreference.html.en +++ b/docs/manual/mod/quickreference.html.en @@ -1009,7 +1009,7 @@ Client Auth

    • - @@ -1047,7 +1047,7 @@ Remote Server Auth - -- 2.47.3
    Description:Cipher Suite available for negotiation in SSL proxy handshake
    Syntax:SSLProxyCipherSuite cipher-spec
    Syntax:SSLProxyCipherSuite [protocol] cipher-spec
    Default:SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
    Context:server config, virtual host, proxy section
    Status:Extension
    SSLCertificateChainFile file-pathsvE
    File of PEM-encoded Server CA Certificates
    SSLCertificateFile file-pathsvE
    Server PEM-encoded X.509 certificate data file
    SSLCertificateKeyFile file-pathsvE
    Server PEM-encoded private key file
    SSLCipherSuite cipher-spec DEFAULT (depends on +svdhE
    Cipher Suite available for negotiation in SSL +
    SSLCipherSuite [protocol] cipher-spec DEFAULT (depends on +svdhE
    Cipher Suite available for negotiation in SSL handshake
    SSLCompression on|off off svE
    Enable compression on the SSL level
    SSLCryptoDevice engine builtin sE
    Enable use of a cryptographic hardware accelerator
    SSLProxyCheckPeerName on|off on svpE
    Configure host name checking for remote server certificates
    SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svpE
    Cipher Suite available for negotiation in SSL +
    SSLProxyCipherSuite [protocol] cipher-spec ALL:!ADH:RC4+RSA:+H +svpE
    Cipher Suite available for negotiation in SSL proxy handshake
    SSLProxyEngine on|off off svpE
    SSL Proxy Engine Operation Switch
    SSLProxyMachineCertificateChainFile filenamesvpE
    File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate