From: Eric Covener Date: Fri, 18 Jul 2025 19:50:33 +0000 (+0000) Subject: xform for mod_ssl X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c8469643438ad95b8d642b3bfdf26b16f041042e;p=thirdparty%2Fapache%2Fhttpd.git xform for mod_ssl git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1927322 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl.html.en.utf8 b/docs/manual/mod/mod_ssl.html.en.utf8 index 3e14a1f5ec..001a563c65 100644 --- a/docs/manual/mod/mod_ssl.html.en.utf8 +++ b/docs/manual/mod/mod_ssl.html.en.utf8 @@ -40,7 +40,7 @@ Layer (SSL) and Transport Layer Security (TLS) protocols

This module provides SSL v3 and TLS v1.x support for the Apache HTTP Server. SSL v2 is no longer supported.

-

This module relies on OpenSSL +

This module relies on OpenSSL to provide the cryptographic engine.

Further details, discussion, and examples are provided in the @@ -66,12 +66,12 @@ to provide the cryptographic engine.

  • SSLCertificateFile
  • SSLCertificateKeyFile
  • SSLCipherSuite
    • +
  • SSLClientHelloVars
  • SSLCompression
  • SSLCryptoDevice
  • SSLEngine
  • SSLFIPS
  • SSLHonorCipherOrder
    • -
  • SSLInsecureRenegotiation
  • SSLOCSPDefaultResponder
  • SSLOCSPEnable
  • SSLOCSPNoverify
    • @@ -198,6 +198,15 @@ compatibility variables.

    SSL_SRP_USER string SRP username SSL_SRP_USERINFO string SRP user info SSL_TLS_SNI string Contents of the SNI TLS extension (if supplied with ClientHello) +SSL_HANDSHAKE_RTT number Round-trip time of TLS handshake in microseconds including endpoint processing (set to empty string if OpenSSL version prior to 3.2 or if round-trip time can not be determined) +SSL_CLIENTHELLO_VERSION string Version field (legacy) from ClientHello as four hex encoded characters +SSL_CLIENTHELLO_CIPHERS string Cipher Suites from ClientHello as four hex encoded characters per item +SSL_CLIENTHELLO_EXTENSIONS string Extension IDs from ClientHello as four hex encoded characters per item +SSL_CLIENTHELLO_GROUPS string Value of Supported Groups extension (10) from ClientHello as four hex encoded characters per item +SSL_CLIENTHELLO_EC_FORMATS string Value of EC Point Formats extension (11) from ClientHello as two hex encoded characters per item +SSL_CLIENTHELLO_SIG_ALGOS string Value of Signature Algorithms extension (13) from ClientHello as four hex encoded characters per item +SSL_CLIENTHELLO_ALPN string Value of ALPN extension (16) from ClientHello as hex encoded string including leading string lengths +SSL_CLIENTHELLO_VERSIONS string Value of Supported Versions extension (43) from ClientHello as four hex encoded characters per item

    x509 specifies a component of an X.509 DN; one of @@ -230,6 +239,10 @@ suffix (if any). For example, SSL_SERVER_S_DN_OU_RAW or

    SSL_CLIENT_V_REMAIN is only available in version 2.1 and later.

    +

    The SSL_CLIENTHELLO_* variables require the directive +SSLClientHelloVars to be +enabled or they will not be populated.

    +

    A number of additional environment variables can also be used in SSLRequire expressions, or in custom log formats:

    @@ -625,9 +638,10 @@ If using a PEM file, at minimum, the file must include an end-entity (leaf) cert The directive can be used multiple times (referencing different filenames) to support multiple algorithms for server authentication - typically RSA, DSA, and ECC. The number of supported algorithms depends on the -OpenSSL version being used for mod_ssl: with version 1.0.0 or later, -openssl list-public-key-algorithms will output a list -of supported algorithms, see also the note below about limitations +OpenSSL version being used for mod_ssl: with version 3.0 or later, +openssl list -public-key-algorithms (or +openssl list-public-key-algorithms with OpenSSL 1.0) will output a list +of supported algorithms. See the note below about limitations of OpenSSL versions prior to 1.0.2 and the ways to work around them.

    @@ -677,7 +691,7 @@ Beginning with version 2.4.7, mod_ssl makes use of standardized DH parameters with prime lengths of 2048, 3072 and 4096 bits and with additional prime lengths of 6144 and 8192 bits beginning with version 2.4.10 -(from RFC 3526), and hands +(from RFC 3526), and hands them out to clients based on the length of the certificate's RSA/DSA key. With Java-based clients in particular (Java 7 or earlier), this may lead to handshake failures - see this @@ -796,7 +810,7 @@ Since TLSv1.3 does not offer renegotiations, specifying ciphers for it in a directory context is not allowed.

    For a list of TLSv1.3 cipher names, see -the OpenSSL +the OpenSSL documentation.

    An SSL cipher specification in cipher-spec is composed of 4 major @@ -943,6 +957,26 @@ KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1EXP-ADH-RC4-MD5 SSLv3 DH(512) None RC4(40) MD5 export + +

    top
    +

    SSLClientHelloVars Directive

    + + + + + + + + +
    Description:Enable collection of ClientHello variables
    Syntax:SSLClientHelloVars on|off
    Default:SSLClientHelloVars off
    Context:server config, virtual host
    Status:Extension
    Module:mod_ssl
    Compatibility:Available in httpd 2.5.2 and later, requires OpenSSL 1.1.1 or later
    +

    This directive enables collection of ClientHello data during the handshake that is retained for +the length of the connection so it can be exposed as SSL_CLIENTHELLLO_* environment +variables for requests depending upon the StdEnvVars setting. The variables are +formatted as the hex-encoded raw buffers seen in the raw network protocol and as provided +by OpenSSL. GREASE (RFC 8701) values are filtered by OpenSSL when enumerating extension IDs, but +otherwise, are passed through unchanged for other variables. If this directive is not enabled or +if OpenSSL prior to version 1.1.1 is used, these variables will not have a value set.

    +
    top

    SSLCompression Directive

    @@ -993,7 +1027,7 @@ With OpenSSL 3.0 or later, if no engine is specified but the key or certificate is specified using a PKCS#11 URIs then it is tried to load the key and certificate from an OpenSSL provider. The OpenSSL provider to use must be defined and configured in the OpenSSL config file, -and it must support the STORE method +and it must support the STORE method for PKCS#11 URIs.

    @@ -1002,11 +1036,15 @@ for PKCS#11 URIs.

    SSLEngine Directive

    - + +
    Description:SSL Engine Operation Switch
    Syntax:SSLEngine on|off|optional
    Syntax:SSLEngine on|off
    Default:SSLEngine off
    Context:server config, virtual host
    Status:Extension
    Module:mod_ssl
    Compatibility: + Support for the "optional" argument was removed in 2.4.64. It enabled + RFC 2817 (TLS Upgrade) support. +

    This directive toggles the usage of the SSL/TLS Protocol Engine. This @@ -1018,10 +1056,6 @@ SSLEngine on #... </VirtualHost>

    -

    SSLEngine can be set to optional: -this enables support for -RFC 2817. -

    top
    @@ -1068,47 +1102,6 @@ server's preference will be used instead.

    Example

    SSLHonorCipherOrder on
    - -
    top
    -

    SSLInsecureRenegotiation Directive

    - - - - - - - - -
    Description:Option to enable support for insecure renegotiation
    Syntax:SSLInsecureRenegotiation on|off
    Default:SSLInsecureRenegotiation off
    Context:server config, virtual host
    Status:Extension
    Module:mod_ssl
    Compatibility:Available if using OpenSSL 0.9.8m or later
    -

    As originally specified, all versions of the SSL and TLS protocols -(up to and including TLS/1.2) were vulnerable to a Man-in-the-Middle -attack -(CVE-2009-3555) -during a renegotiation. This vulnerability allowed an attacker to -"prefix" a chosen plaintext to the HTTP request as seen by the web -server. A protocol extension was developed which fixed this -vulnerability if supported by both client and server.

    - -

    If mod_ssl is linked against OpenSSL version 0.9.8m -or later, by default renegotiation is only supported with -clients supporting the new protocol extension. If this directive is -enabled, renegotiation will be allowed with old (unpatched) clients, -albeit insecurely.

    - -

    Security warning

    -

    If this directive is enabled, SSL connections will be vulnerable to -the Man-in-the-Middle prefix attack as described -in CVE-2009-3555.

    -
    - -

    Example

    SSLInsecureRenegotiation on
    -
    - -

    The SSL_SECURE_RENEG environment variable can be used -from an SSI or CGI script to determine whether secure renegotiation is -supported for a given SSL connection.

    - -
    top

    SSLOCSPDefaultResponder Directive

    @@ -1295,7 +1288,7 @@ features are added to OpenSSL.

    depends on the OpenSSL version being used for mod_ssl (at least version 1.0.2 is required). For a list of supported command names, see the section Supported configuration file commands in the -SSL_CONF_cmd(3) manual page for OpenSSL.

    +SSL_CONF_cmd(3) manual page for OpenSSL.

    Examples

    SSLOpenSSLConfCmd Options -SessionTicket,ServerPreference
 SSLOpenSSLConfCmd ECDHParameters brainpoolP256r1
@@ -1577,29 +1570,29 @@ The available (case-insensitive) protocols are:
    
     This is the Secure Sockets Layer (SSL) protocol, version 3.0, from
     the Netscape Corporation.
     It is the successor to SSLv2 and the predecessor to TLSv1, but is
-    deprecated in RFC 7568.
    
+    deprecated in RFC 7568.
    
 
 
  • TLSv1
     
    
     This is the Transport Layer Security (TLS) protocol, version 1.0.
     It is the successor to SSLv3 and is defined in
-    RFC 2246.
+    RFC 2246.
     It is supported by nearly every client.
    • 
 
 
  • TLSv1.1 (when using OpenSSL 1.0.1 and later)
     
    
     A revision of the TLS 1.0 protocol, as defined in
-    RFC 4346.
    • 
+    RFC 4346.
    
 
 
  • TLSv1.2 (when using OpenSSL 1.0.1 and later)
     
    
     A revision of the TLS 1.1 protocol, as defined in
-    RFC 5246.
    • 
+    RFC 5246.
    
 
 
  • TLSv1.3 (when using OpenSSL 1.1.1 and later)
     
    
     A new version of the TLS protocol, as defined in
-    RFC 8446.
    • 
+    RFC 8446.
    
 
 
  • all
     
    
@@ -2510,7 +2503,7 @@ values like 300 in real life.
    
 
 
    Optionally configures a secret key for encrypting and decrypting
 TLS session tickets, as defined in
-RFC 5077.
+RFC 5077.
 Primarily suitable for clustered environments where TLS sessions information
 should be shared between multiple nodes. For single-instance httpd setups,
 it is recommended to not configure a ticket key file, but to
@@ -2845,7 +2838,7 @@ OCSP response for a single cert. For server certificates with intermediate
 CA certificates in their chain (the typical case nowadays),
 stapling in its current implementation therefore only partially achieves the
 stated goal of "saving roundtrips and resources" - see also
-RFC 6961
+RFC 6961
 (TLS Multiple Certificate Status Extension).
 
    
 
@@ -2950,7 +2943,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_ssl.html';
     }
 })(window, document);
 //-->