matching error log line to see what request caused what error.</td></tr>
<tr><td><code>%m</code></td>
<td>The request method.</td></tr>
-<tr class="odd"><td><code>%M</code></td>
- <td>The time taken to serve the request, in milliseconds.
- (available in 2.4.13 and later)</td></tr>
-<tr><td><code>%{<var>VARNAME</var>}n</code></td>
+<tr class="odd"><td><code>%{<var>VARNAME</var>}n</code></td>
<td>The contents of note <var>VARNAME</var> from another
module.</td></tr>
-<tr class="odd"><td><code>%{<var>VARNAME</var>}o</code></td>
+<tr><td><code>%{<var>VARNAME</var>}o</code></td>
<td>The contents of <code><var>VARNAME</var>:</code> header line(s)
in the reply.</td></tr>
-<tr><td><code>%p</code></td>
+<tr class="odd"><td><code>%p</code></td>
<td>The canonical port of the server serving the request.</td></tr>
-<tr class="odd"><td><code>%{<var>format</var>}p</code></td>
+<tr><td><code>%{<var>format</var>}p</code></td>
<td>The canonical port of the server serving the request, or the
server's actual port, or the client's actual port. Valid formats
are <code>canonical</code>, <code>local</code>, or <code>remote</code>.
</td></tr>
-<tr><td><code>%P</code></td>
+<tr class="odd"><td><code>%P</code></td>
<td>The process ID of the child that serviced the request.</td></tr>
-<tr class="odd"><td><code>%{<var>format</var>}P</code></td>
+<tr><td><code>%{<var>format</var>}P</code></td>
<td>The process ID or thread ID of the child that serviced the
request. Valid formats are <code>pid</code>, <code>tid</code>,
and <code>hextid</code>. <code>hextid</code> requires APR 1.2.0 or
higher.
</td></tr>
-<tr><td><code>%q</code></td>
+<tr class="odd"><td><code>%q</code></td>
<td>The query string (prepended with a <code>?</code> if a query
string exists, otherwise an empty string).</td></tr>
-<tr class="odd"><td><code>%r</code></td>
+<tr><td><code>%r</code></td>
<td>First line of request.</td></tr>
-<tr><td><code>%R</code></td>
+<tr class="odd"><td><code>%R</code></td>
<td>The handler generating the response (if any).</td></tr>
-<tr class="odd"><td><code>%s</code></td>
+<tr><td><code>%s</code></td>
<td>Status. For requests that have been internally redirected, this is
the status of the <em>original</em> request. Use <code>%>s</code>
for the final status.</td></tr>
-<tr><td><code>%t</code></td>
+<tr class="odd"><td><code>%t</code></td>
<td>Time the request was received, in the format <code>[18/Sep/2011:19:18:28 -0400]</code>.
The last number indicates the timezone offset from GMT</td></tr>
-<tr class="odd"><td><code>%{<var>format</var>}t</code></td>
+<tr><td><code>%{<var>format</var>}t</code></td>
<td>The time, in the form given by format, which should be in
an extended <code>strftime(3)</code> format (potentially localized).
If the format starts with <code>begin:</code> (default) the time is taken
formatting in the same format string. You can use multiple
<code>%{<var>format</var>}t</code> tokens instead.
</td></tr>
-<tr><td><code>%T</code></td>
+<tr class="odd"><td><code>%T</code></td>
<td>The time taken to serve the request, in seconds.</td></tr>
+<tr><td><code>%{<var>UNIT</var>}T</code></td>
+ <td>The time taken to serve the request, in a time unit given by
+ <code>UNIT</code>. Valid units are <code>ms</code> for milliseconds,
+ <code>us</code> for microseconds, and <code>s</code> for seconds.
+ Using <code>s</code> gives the same result as <code>%T</code>
+ without any format; using <code>us</code> gives the same result
+ as <code>%D</code>. Combining <code>%T</code> with a unit is
+ available in 2.4.13 and later.</td></tr>
<tr class="odd"><td><code>%u</code></td>
<td>Remote user if the request was authenticated. May be bogus if return status
(<code>%s</code>) is 401 (unauthorized).</td></tr>
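Review bot: the added %{UNIT}T row lists ms, us and s as valid units but does not say what is logged when UNIT is anything else. Nothing in it tells readers that %{ms}T appears to be the replacement for the %M row this patch removes; both carry the same "2.4.13 and later" note. Suggest stating the behaviour for an unrecognised unit and adding a short pointer from %M to %{ms}T, since LogFormat strings and log parsers that key on request duration depend on the unit being unambiguous.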
<p>
This directive points to a file with certificate data in PEM format.
At a minimum, the file must include an end-entity (leaf) certificate.
-Beginning with version 2.4.8, it may also include intermediate CA
-certificates, sorted from leaf to root, and obsoletes
-<code class="directive"><a href="#sslcertificatechainfile">SSLCertificateChainFile</a></code>.
+The directive can be used multiple times (referencing different filenames)
+to support multiple algorithms for server authentication - typically
+RSA, DSA, and ECC. The number of supported algorithms depends on the
+OpenSSL version being used for mod_ssl: with version 1.0.0 or later,
+<code>openssl list-public-key-algorithms</code> will output a list
+of supported algorithms.
</p>
<p>
-Additional optional elements are DH parameters and/or an EC curve name
-for ephemeral keys, as generated by <code>openssl dhparam</code> and
-<code>openssl ecparam</code>, respectively (supported in version 2.4.7
-or later) and finally, the end-entity certificate's private key.
-If the private key is encrypted, the pass phrase dialog is forced
-at startup time.</p>
+The files may also include intermediate CA certificates, sorted from
+leaf to root. This is supported with version 2.4.8 and later,
+and obsoletes <code class="directive"><a href="#sslcertificatechainfile">SSLCertificateChainFile</a></code>.
+When running with OpenSSL 1.0.2 or later, this allows
+to configure the intermediate CA chain on a per-certificate basis.
+</p>
<p>
-This directive can be used multiple times (referencing different filenames)
-to support multiple algorithms for server authentication - typically
-RSA, DSA, and ECC. The number of supported algorithms depends on the
-OpenSSL version being used for mod_ssl: with version 1.0.0 or later,
-<code>openssl list-public-key-algorithms</code> will output a list
-of supported algorithms.</p>
+Custom DH parameters and an EC curve name for ephemeral keys,
+can also be added to end of the first file configured using
+<code class="directive"><a href="#sslcertificatechainfile">SSLCertificateChainFile</a></code>.
+This is supported in version 2.4.7 or later.
+Such parameters can be generated using the commands
+<code>openssl dhparam</code> and <code>openssl ecparam</code>.
+The parameters can be added as-is to the end of the first
+certificate file. Only the first file can be used for custom
+parameters, as they are applied independently of the authentication
+algorithm type.
+</p>
<p>
-When running with OpenSSL 1.0.2 or later, this directive allows
-to configure the intermediate CA chain on a per-certificate basis,
-which removes a limitation of the (now obsolete)
-<code class="directive"><a href="#sslcertificatechainfile">SSLCertificateChainFile</a></code> directive.
-DH and ECDH parameters, however, are only read from the first
-<code class="directive">SSLCertificateFile</code> directive, as they
-are applied independently of the authentication algorithm type.</p>
+Finally the the end-entity certificate's private key can also be
+added to the certificate file instead of using a separate
+<code class="directive"><a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></code>
+directive. This practice is highly discouraged. If it is used,
+the certificate files using such an embedded key must be configured
+after the certificates using a separate key file. If the private
+key is encrypted, the pass phrase dialog is forced at startup time.
+</p>
<div class="note">
<h3>DH parameter interoperability with primes > 1024 bit</h3>
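Review bot: in the added paragraph on custom DH parameters, "the first file configured using" links to SSLCertificateChainFile (href="#sslcertificatechainfile"). The same paragraph then speaks of "the first certificate file", and the removed text said the parameters are only read from the first SSLCertificateFile directive. This looks like the link from the preceding paragraph copied over; it should name and link SSLCertificateFile. Smaller wording points in the same hunk: "Finally the the end-entity certificate's private key" repeats "the", the comma after "ephemeral keys" should go, and "added to end of" should read "added to the end of".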
</table>
<p>
This directive points to the PEM-encoded private key file for the
-server (the private key may also be combined with the certificate in the
-<code class="directive"><a href="#sslcertificatefile">SSLCertificateFile</a></code>, but this practice
-is discouraged). If the contained private key is encrypted, the pass phrase
+server. If the contained private key is encrypted, the pass phrase
dialog is forced at startup time.</p>
<p>
directive, there must be a matching <code class="directive">SSLCertificateFile</code>
directive.</p>
+<p>
+The private key may also be combined with the certificate in the file given by
+<code class="directive"><a href="#sslcertificatefile">SSLCertificateFile</a></code>, but this practice
+is highly discouraged. If it is used, the certificate files using such
+an embedded key must be configured after the certificates using a separate
+key file.</p>
+
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key"</pre>
</div>
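Review bot: the added paragraph gives the ordering rule ("must be configured after the certificates using a separate key file") but not what happens when it is violated, so an administrator cannot tell a startup failure from a silently mismatched key and certificate. Suggest stating the failure mode here. The same two sentences are also added under SSLCertificateFile; a cross-reference from one to the other would keep them from drifting apart.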
<p>Ticket keys should be rotated (replaced) on a frequent basis,
as this is the only way to invalidate an existing session ticket -
-OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.</p>
+OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.
+A new ticket key only gets used after restarting the web server.
+All existing session tickets become invalid after a restart.</p>
<div class="warning">
<p>The ticket key file contains sensitive keying material and should
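Review bot: the added sentence "All existing session tickets become invalid after a restart" reads as unconditional, which sits oddly next to the preceding statement that replacing the key is "the only way to invalidate an existing session ticket". Suggest saying whether this means a restart after the key file has been replaced or any restart, and whether a graceful restart counts, since operators will schedule rotation based on this sentence.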
the same storage types are supported as with
<code class="directive"><a href="#sslsessioncache">SSLSessionCache</a></code>.</p>
-<p>The <code>ssl-stapling</code> mutex is used to serialize access to the
-OCSP stapling cache to prevent corruption. This mutex can be configured
-using the <code class="directive"><a href="../mod/core.html#mutex">Mutex</a></code> directive.</p>
-
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLStaplingErrorCacheTimeout" id="SSLStaplingErrorCacheTimeout">SSLStaplingErrorCacheTimeout</a> <a name="sslstaplingerrorcachetimeout" id="sslstaplingerrorcachetimeout">Directive</a></h2>
(TLS Multiple Certificate Status Extension).
</p>
+<p>When OCSP stapling is enabled, the <code>ssl-stapling</code> mutex is used
+to control access to the OCSP stapling cache in order to prevent corruption,
+and the <code>sss-stapling-refresh</code> mutex is used to control refreshes
+of OCSP responses. These mutexes can be configured using the
+<code class="directive"><a href="../mod/core.html#mutex">Mutex</a></code> directive.
+</p>
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLVerifyClient" id="SSLVerifyClient">SSLVerifyClient</a> <a name="sslverifyclient" id="sslverifyclient">Directive</a></h2>
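Review bot: the mutex name in the added paragraph is spelled "sss-stapling-refresh", while the other mutex in the same sentence is "ssl-stapling"; this looks like a typo for "ssl-stapling-refresh". Since readers will copy the name into a Mutex directive, it needs to match the name the module registers exactly.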
<p><span>Langues Disponibles: </span><a href="../en/mod/mod_ssl.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/mod/mod_ssl.html" title="Français"> fr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Chiffrement de haut niveau basé sur les protocoles Secure
Sockets Layer (SSL) et Transport Layer Security (TLS)</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1681320 -->
+<!-- English Revision: 1681320:1682929 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
</variants>
</metafile>
or higher), you can either rearrange mod_ssl's cipher list with
<code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code>
(possibly in conjunction with <code class="directive"><a href="../mod/mod_ssl.html#sslhonorcipherorder">SSLHonorCipherOrder</a></code>),
- or you can use the <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatefile">SSLCertificateFile</a></code>
- directive to configure custom DH parameters with a 1024-bit prime, which
+ or you can use custom DH parameters with a 1024-bit prime, which
will always have precedence over any of the built-in DH parameters.</p>
- <p>To generate custom DH parameters, use the <code>openssl dhparam</code>
- command. Alternatively, you can append the following standard 1024-bit DH
+ <p>To generate custom DH parameters, use the <code>openssl dhparam 1024</code>
+ command. Alternatively, you can use the following standard 1024-bit DH
parameters from <a href="http://www.ietf.org/rfc/rfc2409.txt">RFC 2409</a>,
- section 6.2 to the respective
- <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatefile">SSLCertificateFile</a></code> file:</p>
+ section 6.2:</p>
<div class="example"><pre>-----BEGIN DH PARAMETERS-----
MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----</pre></div>
+ <p>Add the custom parameters including the "BEGIN DH PARAMETERS" and
+ "END DH PARAMETERS" lines to the end of the first certificate file
+ you have configured using the
+ <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatefile">SSLCertificateFile</a></code> directive.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
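Review bot: the reworded text keeps the statement that custom 1024-bit parameters "will always have precedence over any of the built-in DH parameters", and the new closing paragraph tells readers to append them to the first certificate file, but nowhere says that this fixes the DH prime at 1024 bits for every client of the server, not only the ones with the interoperability problem. Suggest one sentence saying so next to the "openssl dhparam 1024" instruction, and pointing back to the SSLCipherSuite / SSLHonorCipherOrder alternative mentioned just above it.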
<p><span>Langues Disponibles: </span><a href="../en/ssl/ssl_faq.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/ssl/ssl_faq.html" title="Français"> fr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<blockquote>
<p>Le sage n'apporte pas de bonnes réponses, il pose les bonnes questions</p>
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1674127 -->
+<!-- English Revision: 1674127:1682929 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
</variants>
</metafile>