--- /dev/null
+ <hr />
+
+ <h3 align="CENTER">Apache HTTP Server Version 2.0</h3>
+ <a href="./"><img src="../images/index.gif" alt="Index" /></a>
+ <a href="../"><img src="../images/home.gif" alt="Home" /></a>
+
+
--- /dev/null
+ <div align="CENTER">
+ <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
+
+ <h3>Apache HTTP Server Version 2.0</h3>
+ </div>
+
-<html>
-<head>
-<title>mod_ssl: Title Page</title>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+<title>Apache SSL/TLS Encryption</title>
+</head>
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
+<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000">
+<!--#include virtual="header.html" -->
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
+<h1 align="CENTER">SSL/TLS Strong Encryption</h1>
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
-<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#H {
-}
-#D {
- background-color: #f0f0f0;
-}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
---></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_unknown1_n = new Image();
- ro_img_unknown1_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_unknown1_o = new Image();
- ro_img_unknown1_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
-<br>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <table cellspacing="0" cellpadding="0" border="0" summary="">
- <tr>
- <td>
- <img
- src="ssl_cover_title.jpg"
- alt="User Manual"
- width="421" height="73">
- </td>
- </tr>
- <tr>
- <td align="right">
- <font face="Arial,Helvetica">mod_ssl version 2.8</font>
- </td>
- </tr>
- </table>
- <br>
- </td>
-</tr>
-<tr>
- <td>
- <a
- href="http://www.modssl.org/"
-><img
- src="ssl_cover_logo.jpg"
- alt="mod_ssl - The Apache Interface to OpenSSL"
- border="0"
- width="504" height="231"></a>
- </td>
-</tr>
-<tr>
- <td align="right">
- <table summary="">
- <tr>
- <td>
- <tt>Ralf S. Engelschall</tt><br>
- <tt>rse@engelschall.com</tt><br>
- <tt>www.engelschall.com</tt><br>
- </td>
- <td>
-
- </td>
- <td align="right" valign="bottom">
-<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_unknown1', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_unknown1'); return true" onfocus="ro_imgOver('ro_img_unknown1', 'next page'); return true" onblur="ro_imgNormal('ro_img_unknown1'); return true"><img name="ro_img_unknown1" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br>Overview
- </td>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="30" height="1" align="bottom" border="0">
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
- </td>
-</tr>
-</table>
-</div>
-</body>
+<p>The Apache HTTP Server module <a href="../mod/mod_ssl.html">mod_ssl</a>
+provides an interface to the <a
+href="http://www.openssl.org/">OpenSSL</a> library, which provides
+Strong Encryption using the Secure Sockets Layer and Transport Layer
+Security protocols. The module and this documentation are based on
+Ralf S. Engelschall's mod_ssl project.</p>
+
+<ul>
+<li><a href="ssl_intro.html">Introduction</a></li>
+<li><a href="ssl_compat.html">Compatibility</a></li>
+<li><a href="ssl_howto.html">How-To</a></li>
+<li><a href="ssl_faq.html">Frequently Asked Questions</a></li>
+<li><a href="ssl_glossary.html">Glossary</a></li>
+</ul>
+
+<p>Extensive documentation on the directives and environment variables
+provided by this module is provided in the <a
+href="../mod/mod_ssl.html">mod_ssl reference documentation</a>.</p>
+
+
+<p><!--#include virtual="footer.html" --> </p>
+ </body>
</html>
-<html>
-<head>
-<title>mod_ssl: Title Page</title>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+<title>Apache SSL/TLS Encryption</title>
+</head>
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
+<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000">
+<!--#include virtual="header.html" -->
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
+<h1 align="CENTER">SSL/TLS Strong Encryption</h1>
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
-<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#H {
-}
-#D {
- background-color: #f0f0f0;
-}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
---></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_unknown1_n = new Image();
- ro_img_unknown1_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_unknown1_o = new Image();
- ro_img_unknown1_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
-<br>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <table cellspacing="0" cellpadding="0" border="0" summary="">
- <tr>
- <td>
- <img
- src="ssl_cover_title.jpg"
- alt="User Manual"
- width="421" height="73">
- </td>
- </tr>
- <tr>
- <td align="right">
- <font face="Arial,Helvetica">mod_ssl version 2.8</font>
- </td>
- </tr>
- </table>
- <br>
- </td>
-</tr>
-<tr>
- <td>
- <a
- href="http://www.modssl.org/"
-><img
- src="ssl_cover_logo.jpg"
- alt="mod_ssl - The Apache Interface to OpenSSL"
- border="0"
- width="504" height="231"></a>
- </td>
-</tr>
-<tr>
- <td align="right">
- <table summary="">
- <tr>
- <td>
- <tt>Ralf S. Engelschall</tt><br>
- <tt>rse@engelschall.com</tt><br>
- <tt>www.engelschall.com</tt><br>
- </td>
- <td>
-
- </td>
- <td align="right" valign="bottom">
-<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_unknown1', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_unknown1'); return true" onfocus="ro_imgOver('ro_img_unknown1', 'next page'); return true" onblur="ro_imgNormal('ro_img_unknown1'); return true"><img name="ro_img_unknown1" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br>Overview
- </td>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="30" height="1" align="bottom" border="0">
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
- </td>
-</tr>
-</table>
-</div>
-</body>
+<p>The Apache HTTP Server module <a href="../mod/mod_ssl.html">mod_ssl</a>
+provides an interface to the <a
+href="http://www.openssl.org/">OpenSSL</a> library, which provides
+Strong Encryption using the Secure Sockets Layer and Transport Layer
+Security protocols. The module and this documentation are based on
+Ralf S. Engelschall's mod_ssl project.</p>
+
+<ul>
+<li><a href="ssl_intro.html">Introduction</a></li>
+<li><a href="ssl_compat.html">Compatibility</a></li>
+<li><a href="ssl_howto.html">How-To</a></li>
+<li><a href="ssl_faq.html">Frequently Asked Questions</a></li>
+<li><a href="ssl_glossary.html">Glossary</a></li>
+</ul>
+
+<p>Extensive documentation on the directives and environment variables
+provided by this module is provided in the <a
+href="../mod/mod_ssl.html">mod_ssl reference documentation</a>.</p>
+
+
+<p><!--#include virtual="footer.html" --> </p>
+ </body>
</html>
-<html>
-<head>
-<title>mod_ssl: Compatibility</title>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+<title>Apache SSL/TLS Encryption: Compatibility</title>
<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
#H {
}
#D {
background-color: #f0f0f0;
}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
--></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_top_n = new Image();
- ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_top_o = new Image();
- ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_bot_n = new Image();
- ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_bot_o = new Image();
- ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-4.gif" alt="4" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-compat.gif" alt="Compatibility" width="456" height="60">
- </td>
- </tr>
- </table>
+
+<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000">
+<!--#include virtual="header.html" -->
+
+<h1 align="CENTER">SSL/TLS Strong Encryption: Compatibility</h1>
+
<div align="right">
<table cellspacing="0" cellpadding="0" width="200" summary="">
<tr>
</table>
</div>
<p>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr valign="bottom">
-<td>
-<img src="ssl_compat.gfont000.gif" alt="H" width="40" height="34" border="0" align="left">
-ere we talk about backward compatibility to other SSL solutions. As you
+Here we talk about backward compatibility to other SSL solutions. As you
perhaps know, mod_ssl is not the only existing SSL solution for Apache.
Actually there are four additional major products available on the market: Ben
Laurie's freely available <a href="http://www.apache-ssl.org/">Apache-SSL</a>
and finally C2Net's commercial product <a
href="http://www.c2.net/products/stronghold/">Stronghold</a> (based on a
different evolution branch named Sioux up to Stronghold 2.x and based on
-mod_ssl since Stronghold 3.x).
-</td>
-<td>
-
-</td>
-<td>
-<div align="right">
-<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary="">
-<tr>
-<td bgcolor="#333399">
-<font face="Arial,Helvetica" color="#ccccff">
-<b>Table Of Contents</b>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<font face="Arial,Helvetica" size="-1">
- <a href="#ToC1"><strong>Configuration Directives</strong></a><br>
- <a href="#ToC2"><strong>Environment Variables</strong></a><br>
- <a href="#ToC3"><strong>Custom Log Functions</strong></a><br>
-</font>
-</td>
-</tr>
-</table>
-</div>
-</td>
-</tr>
-</table>
+mod_ssl since Stronghold 3.x).</p>
+
<p>
The idea in mod_ssl is mainly the following: because mod_ssl provides mostly a
superset of the functionality of all other solutions we can easily provide
backward compatibility for most of the cases. Actually there are three
compatibility areas we currently address: configuration directives,
environment variables and custom log functions.
+
+<ul>
+<li><a href="#ToC1">Configuration Directives</a></li>
+<li><a href="#ToC2">Environment Variables</a></li>
+<li><a href="#ToC3">Custom Log Functions</a></li>
+</ul>
+
<h2><a name="ToC1">Configuration Directives</a></h2>
For backward compatibility to the configuration directives of other SSL
solutions we do an on-the-fly mapping: directives which have a direct
compatibilty is provided only for Apache-SSL 1.x and mod_ssl 2.0.x.
Compatibility to Sioux 1.x and Stronghold 2.x is only partial because of
special functionality in these interfaces which mod_ssl (still) doesn't
-provide.
+provide.</p>
+
+
<p>
<div align="center">
<a name="table1"></a>
<h2><a name="ToC3">Custom Log Functions</a></h2>
When mod_ssl is built into Apache or at least loaded (under DSO situation)
additional functions exist for the <a
-href="../mod_log_config.html#formats">Custom Log Format</a> of <a
-href="../mod_log_config.html">mod_log_config</a> as documented in the Reference
+href="../mod
/mod_log_config.html#formats">Custom Log Format</a> of <a
+href="../mod/mod_log_config.html">mod_log_config</a> as documented in the Reference
Chapter. Beside the ``<code>%{</code><em>varname</em><code>}x</code>''
eXtension format function which can be used to expand any variables provided
by any module, an additional Cryptography
</tr></table>
</td></tr></table>
</div>
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright © 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
+<p><!--#include virtual="footer.html" --> </p>
+ </body>
+</html>
\ No newline at end of file
-<html>
-<head>
-<title>mod_ssl: F.A.Q.</title>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+<title>Apache SSL/TLS Encryption: FAQ</title>
<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
#H {
}
#D {
background-color: #f0f0f0;
}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
--></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_top_n = new Image();
- ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_top_o = new Image();
- ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_bot_n = new Image();
- ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_bot_o = new Image();
- ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-6.gif" alt="6" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_glossary.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Glossary</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-faq.gif" alt="F.A.Q." width="456" height="60">
- </td>
- </tr>
- </table>
+
+<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000">
+<!--#include virtual="header.html" -->
+
+<h1 align="CENTER">SSL/TLS Strong Encryption: FAQ</h1>
+
+
<div align="right">
<table cellspacing="0" cellpadding="0" width="200" summary="">
<tr>
</tr>
</table>
</div>
+
<p>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr valign="bottom">
-<td>
-<img src="ssl_faq.gfont000.gif" alt="T" width="34" height="34" border="0" align="left">
-his chapter is a collection of frequently asked questions (FAQ) and
+This chapter is a collection of frequently asked questions (FAQ) and
corresponding answers following the popular USENET tradition. Most of these
questions occured on the Newsgroup <a
href="news:comp.infosystems.www.servers.unix">
Please read this chapter at least once when installing mod_ssl or at least
search for your problem here before submitting a problem report to the
author.
-</td>
-<td>
-
-</td>
-<td>
-<div align="right">
-<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" width="350" summary="">
-<tr>
-<td bgcolor="#333399">
-<font face="Arial,Helvetica" color="#ccccff">
-<b>Table Of Contents</b>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<font face="Arial,Helvetica" size="-1">
- <a href="#ToC1"><strong>About the module</strong></a><br>
- <a href="#ToC2"><strong>What is the history of mod_ssl?</strong></a><br>
- <a href="#ToC3"><strong>Apache-SSL vs. mod_ssl: differences?</strong></a><br>
- <a href="#ToC4"><strong>mod_ssl vs. commercial alternatives?</strong></a><br>
- <a href="#ToC5"><strong>mod_ssl/Apache versions?</strong></a><br>
- <a href="#ToC6"><strong>mod_ssl and Year 2000?</strong></a><br>
- <a href="#ToC7"><strong>mod_ssl and Wassenaar Arrangement?</strong></a><br>
- <a href="#ToC8"><strong>About Installation</strong></a><br>
- <a href="#ToC9"><strong>Core dumps for HTTPS requests?</strong></a><br>
- <a href="#ToC10"><strong>Core dumps for Apache+mod_ssl+PHP3?</strong></a><br>
- <a href="#ToC11"><strong>Undefined symbols on startup?</strong></a><br>
- <a href="#ToC12"><strong>Permission problem on SSLMutex</strong></a><br>
- <a href="#ToC13"><strong>Shared memory and process size?</strong></a><br>
- <a href="#ToC14"><strong>Shared memory and pathname?</strong></a><br>
- <a href="#ToC15"><strong>PRNG and not enough entropy?</strong></a><br>
- <a href="#ToC16"><strong>About Configuration</strong></a><br>
- <a href="#ToC17"><strong>HTTP and HTTPS with a single server?</strong></a><br>
- <a href="#ToC18"><strong>Where is the HTTPS port?</strong></a><br>
- <a href="#ToC19"><strong>How to test HTTPS manually?</strong></a><br>
- <a href="#ToC20"><strong>Why does my connection hang?</strong></a><br>
- <a href="#ToC21"><strong>Why do I get connection refused?</strong></a><br>
- <a href="#ToC22"><strong>Why are the SSL_XXX variables missing?</strong></a><br>
- <a href="#ToC23"><strong>How to switch with relative hyperlinks?</strong></a><br>
- <a href="#ToC24"><strong>About Certificates</strong></a><br>
- <a href="#ToC25"><strong>What are Keys, CSRs and Certs?</strong></a><br>
- <a href="#ToC26"><strong>Difference on startup?</strong></a><br>
- <a href="#ToC27"><strong>How to create a dummy cert?</strong></a><br>
- <a href="#ToC28"><strong>How to create a real cert?</strong></a><br>
- <a href="#ToC29"><strong>How to create my own CA?</strong></a><br>
- <a href="#ToC30"><strong>How to change a pass phrase?</strong></a><br>
- <a href="#ToC31"><strong>How to remove a pass phrase?</strong></a><br>
- <a href="#ToC32"><strong>How to verify a key/cert pair?</strong></a><br>
- <a href="#ToC33"><strong>Bad Certificate Error?</strong></a><br>
- <a href="#ToC34"><strong>Why does a 2048-bit key not work?</strong></a><br>
- <a href="#ToC35"><strong>Why is client auth broken?</strong></a><br>
- <a href="#ToC36"><strong>How to convert from PEM to DER?</strong></a><br>
- <a href="#ToC37"><strong>Verisign and the magic getca program?</strong></a><br>
- <a href="#ToC38"><strong>Global IDs or SGC?</strong></a><br>
- <a href="#ToC39"><strong>Global IDs and Cert Chain?</strong></a><br>
- <a href="#ToC40"><strong>About SSL Protocol</strong></a><br>
- <a href="#ToC41"><strong>Random SSL errors under heavy load?</strong></a><br>
- <a href="#ToC42"><strong>Why has the server a higher load?</strong></a><br>
- <a href="#ToC43"><strong>Why are connections horribly slow?</strong></a><br>
- <a href="#ToC44"><strong>Which ciphers are supported?</strong></a><br>
- <a href="#ToC45"><strong>How to use Anonymous-DH ciphers</strong></a><br>
- <a href="#ToC46"><strong>Why do I get 'no shared ciphers'?</strong></a><br>
- <a href="#ToC47"><strong>HTTPS and name-based vhosts</strong></a><br>
- <a href="#ToC48"><strong>The lock icon in Netscape locks very late</strong></a><br>
- <a href="#ToC49"><strong>Why do I get I/O errors with MSIE clients?</strong></a><br>
- <a href="#ToC50"><strong>Why do I get I/O errors with NS clients?</strong></a><br>
- <a href="#ToC51"><strong>About Support</strong></a><br>
- <a href="#ToC52"><strong>Resources in case of problems?</strong></a><br>
- <a href="#ToC53"><strong>Support in case of problems?</strong></a><br>
- <a href="#ToC54"><strong>How to write a problem report?</strong></a><br>
- <a href="#ToC55"><strong>I got a core dump, can you help me?</strong></a><br>
- <a href="#ToC56"><strong>How to get a backtrace?</strong></a><br>
-</font>
-</td>
-</tr>
-</table>
-</div>
-</td>
-</tr>
-</table>
+
+<ul>
+<li><a href="#ToC1">About the module</a>
+<ul>
+<li><a href="#ToC2">What is the history of mod_ssl?</a></li>
+<li><a href="#ToC3">Apache-SSL vs. mod_ssl: differences?</a></li>
+<li><a href="#ToC4">mod_ssl vs. commercial alternatives?</a></li>
+<li><a href="#ToC5">mod_ssl/Apache versions?</a></li>
+<li><a href="#ToC6">mod_ssl and Year 2000?</a></li>
+<li><a href="#ToC7">mod_ssl and Wassenaar Arrangement?</a></li>
+</ul></li>
+<li><a href="#ToC8">About Installation</a></li>
+<ul>
+<li><a href="#ToC9">Core dumps for HTTPS requests?</a></li>
+<li><a href="#ToC10">Core dumps for Apache+mod_ssl+PHP3?</a></li>
+<li><a href="#ToC11">Undefined symbols on startup?</a></li>
+<li><a href="#ToC12">Permission problem on SSLMutex</a></li>
+<li><a href="#ToC13">Shared memory and process size?</a></li>
+<li><a href="#ToC14">Shared memory and pathname?</a></li>
+<li><a href="#ToC15">PRNG and not enough entropy?</a></li>
+</ul></li>
+<li><a href="#ToC16">About Configuration</a></li>
+<ul>
+<li><a href="#ToC17">HTTP and HTTPS with a single server?</a></li>
+<li><a href="#ToC18">Where is the HTTPS port?</a></li>
+<li><a href="#ToC19">How to test HTTPS manually?</a></li>
+<li><a href="#ToC20">Why does my connection hang?</a></li>
+<li><a href="#ToC21">Why do I get connection refused?</a></li>
+<li><a href="#ToC22">Why are the SSL_XXX variables missing?</a></li>
+<li><a href="#ToC23">How to switch with relative hyperlinks?</a></li>
+</ul></li>
+<li><a href="#ToC24">About Certificates</a></li>
+<ul>
+<li><a href="#ToC25">What are Keys, CSRs and Certs?</a></li>
+<li><a href="#ToC26">Difference on startup?</a></li>
+<li><a href="#ToC27">How to create a dummy cert?</a></li>
+<li><a href="#ToC28">How to create a real cert?</a></li>
+<li><a href="#ToC29">How to create my own CA?</a></li>
+<li><a href="#ToC30">How to change a pass phrase?</a></li>
+<li><a href="#ToC31">How to remove a pass phrase?</a></li>
+<li><a href="#ToC32">How to verify a key/cert pair?</a></li>
+<li><a href="#ToC33">Bad Certificate Error?</a></li>
+<li><a href="#ToC34">Why does a 2048-bit key not work?</a></li>
+<li><a href="#ToC35">Why is client auth broken?</a></li>
+<li><a href="#ToC36">How to convert from PEM to DER?</a></li>
+<li><a href="#ToC37">Verisign and the magic getca program?</a></li>
+<li><a href="#ToC38">Global IDs or SGC?</a></li>
+<li><a href="#ToC39">Global IDs and Cert Chain?</a></li>
+</ul></li>
+<li><a href="#ToC40">About SSL Protocol</a></li>
+<ul>
+<li><a href="#ToC41">Random SSL errors under heavy load?</a></li>
+<li><a href="#ToC42">Why has the server a higher load?</a></li>
+<li><a href="#ToC43">Why are connections horribly slow?</a></li>
+<li><a href="#ToC44">Which ciphers are supported?</a></li>
+<li><a href="#ToC45">How to use Anonymous-DH ciphers</a></li>
+<li><a href="#ToC46">Why do I get 'no shared ciphers'?</a></li>
+<li><a href="#ToC47">HTTPS and name-based vhosts</a></li>
+<li><a href="#ToC48">The lock icon in Netscape locks very late</a></li>
+<li><a href="#ToC49">Why do I get I/O errors with MSIE clients?</a></li>
+<li><a href="#ToC50">Why do I get I/O errors with NS clients?</a></li>
+</ul></li>
+<li><a href="#ToC51">About Support</a></li>
+<ul>
+<li><a href="#ToC52">Resources in case of problems?</a></li>
+<li><a href="#ToC53">Support in case of problems?</a></li>
+<li><a href="#ToC54">How to write a problem report?</a></li>
+<li><a href="#ToC55">I got a core dump, can you help me?</a></li>
+<li><a href="#ToC56">How to get a backtrace?</a></li>
+</ul></li>
+</ul>
+
+
<h2><a name="ToC1">About the module</a></h2>
<ul>
<p>
<strong id="faq">
What is the history of mod_ssl?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#history"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#history"><b>L</b></a>]
<p>
The mod_ssl v1 package was initially created in April 1998 by <a
href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> via porting <a
What are the functional differences between mod_ssl and Apache-SSL, from where
it is originally derived?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#apssl-diff"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#apssl-diff"><b>L</b></a>]
<p>
This neither can be answered in short (there were too many code changes)
nor can be answered at all by the author (there would immediately be flame
What are the major differences between mod_ssl and
the commercial alternatives like Raven or Stronghold?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#apssl-diff"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#apssl-diff"><b>L</b></a>]
<p>
In the past (until September 20th, 2000) the major difference was
the RSA license which one received (very cheaply in contrast to
<strong id="faq">
How do I know which mod_ssl version is for which Apache version?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#what-version"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#what-version"><b>L</b></a>]
<p>
That's trivial: mod_ssl uses version strings of the syntax
<em><mod_ssl-version></em>-<em><apache-version></em>, for
<strong id="faq">
Is mod_ssl Year 2000 compliant?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#y2k"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#y2k"><b>L</b></a>]
<p>
Yes, mod_ssl is Year 2000 compliant.
<p>
<strong id="faq">
What about mod_ssl and the Wassenaar Arrangement?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#wassenaar"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#wassenaar"><b>L</b></a>]
<p>
First, let us explain what <i>Wassenaar</i> and it's <i>Arrangement on
Export Controls for Conventional Arms and Dual-Use Goods and
<strong id="faq">
When I access my website the first time via HTTPS I get a core dump?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-dbm"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#core-dbm"><b>L</b></a>]
<p>
There can be a lot of reasons why a core dump can occur, of course.
Ranging from buggy third-party modules, over buggy vendor libraries up to
<strong id="faq">
My Apache dumps core when I add both mod_ssl and PHP3?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-php3"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#core-php3"><b>L</b></a>]
<p>
Make sure you add mod_ssl to the Apache source tree first and then do a
fresh configuration and installation of PHP3. For SSL support EAPI patches
<strong id="faq">
When I startup Apache I get errors about undefined symbols like ap_global_ctx?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#dso-sym"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#dso-sym"><b>L</b></a>]
<p>
This actually means you installed mod_ssl as a DSO, but without rebuilding
Apache with EAPI. Because EAPI is a requirement for mod_ssl, you need an
<strong id="faq">
When I startup Apache I get permission errors related to SSLMutex?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mutex-perm"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#mutex-perm"><b>L</b></a>]
<p>
When you receive entries like ``<code>mod_ssl: Child could not open
SSLMutex lockfile /opt/apache/logs/ssl_mutex.18332 (System error follows)
When I use the MM library and the shared memory cache each process grows
1.5MB according to `top' although I specified 512000 as the cache size?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mm"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#mm"><b>L</b></a>]
<p>
The additional 1MB are caused by the global shared memory pool EAPI
allocates for all modules and which is not used by mod_ssl for
EAPI_MM_CORE_PATH define. Is there a way to override the path using a
configuration directive?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mmpath"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#mmpath"><b>L</b></a>]
<p>
No, there is not configuration directive, because for technical
bootstrapping reasons, a directive not possible at all. Instead
"Failed to generate temporary 512 bit RSA private key", why?
And a "PRNG not seeded" error occurs if I try "make certificate".
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#entropy"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#entropy"><b>L</b></a>]
<p>
Cryptographic software needs a source of unpredictable data
to work correctly. Many open source operating systems provide
<strong id="faq">
Is it possible to provide HTTP and HTTPS with a single server?</strong>
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-parallel"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#https-parallel"><b>L</b></a>]
<p>
Yes, HTTP and HTTPS use different server ports, so there is no direct
conflict between them. Either run two separate server instances (one binds
<strong id="faq">
I know that HTTP is on port 80, but where is HTTPS?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-port"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#https-port"><b>L</b></a>]
<p>
You can run HTTPS on any port, but the standards specify port 443, which
is where any HTTPS compliant browser will look by default. You can force
<strong id="faq">
How can I speak HTTPS manually for testing purposes?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-test"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#https-test"><b>L</b></a>]
<p>
While you usually just use
<p>
<strong id="faq">
Why does the connection hang when I connect to my SSL-aware Apache server?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hang"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#hang"><b>L</b></a>]
<p>
Because you connected with HTTP to the HTTPS port, i.e. you used an URL of
the form ``<code>http://</code>'' instead of ``<code>https://</code>''.
Why do I get ``Connection Refused'' messages when trying to access my freshly
installed Apache+mod_ssl server via HTTPS?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hang"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#hang"><b>L</b></a>]
<p>
There can be various reasons. Some of the common mistakes is that people
start Apache with just ``<tt>apachectl start</tt>'' (or
In my CGI programs and SSI scripts the various documented
<code>SSL_XXX</code> variables do not exists. Why?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#env-vars"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#env-vars"><b>L</b></a>]
<p>
Just make sure you have ``<code>SSLOptions +StdEnvVars</code>''
enabled for the context of your CGI/SSI requests.
<strong id="faq">
How can I use relative hyperlinks to switch between HTTP and HTTPS?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#relative-links"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#relative-links"><b>L</b></a>]
<p>
Usually you have to use fully-qualified hyperlinks because
you have to change the URL scheme. But with the help of some URL
<strong id="faq">
What are RSA Private Keys, CSRs and Certificates?</strong>
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#what-is"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#what-is"><b>L</b></a>]
<p>
The RSA private key file is a digital file that you can use to decrypt
messages sent to you. It has a public component which you distribute (via
<strong id="faq">
Seems like there is a difference on startup between the original Apache and an SSL-aware Apache?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#startup"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#startup"><b>L</b></a>]
<p>
Yes, in general, starting Apache with a built-in mod_ssl is just like
starting an unencumbered Apache, except for the fact that when you have a
<strong id="faq">
How can I create a dummy SSL server Certificate for testing purposes?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-dummy"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#cert-dummy"><b>L</b></a>]
<p>
A Certificate does not have to be signed by a public CA. You can use your
private key to sign the Certificate which contains your public key. You
Ok, I've got my server installed and want to create a real SSL
server Certificate for it. How do I do it?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-real"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#cert-real"><b>L</b></a>]
<p>
Here is a step-by-step description:
<p>
<strong id="faq">
How can I create and use my own Certificate Authority (CA)?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-ownca"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#cert-ownca"><b>L</b></a>]
<p>
The short answer is to use the <code>CA.sh</code> or <code>CA.pl</code>
script provided by OpenSSL. The long and manual answer is this:
<strong id="faq">
How can I change the pass-phrase on my private key file?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#change-passphrase"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#change-passphrase"><b>L</b></a>]
<p>
You simply have to read it with the old pass-phrase and write it again
by specifying the new pass-phrase. You can accomplish this with the following
<strong id="faq">
How can I get rid of the pass-phrase dialog at Apache startup time?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#remove-passphrase"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#remove-passphrase"><b>L</b></a>]
<p>
The reason why this dialog pops up at startup and every re-start
is that the RSA private key inside your server.key file is stored in
<strong id="faq">
How do I verify that a private key matches its Certificate?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#verify-key"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#verify-key"><b>L</b></a>]
<p>
The private key contains a series of numbers. Two of those numbers form
the "public key", the others are part of your "private key". The "public
What does it mean when my connections fail with an "alert bad certificate"
error?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#keysize1"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#keysize1"><b>L</b></a>]
<p>
Usually when you see errors like ``<tt>OpenSSL: error:14094412: SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate</tt>'' in the SSL
<strong id="faq">
Why does my 2048-bit private key not work?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#keysize2"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#keysize2"><b>L</b></a>]
<p>
The private key sizes for SSL must be either 512 or 1024 for compatibility
with certain web browsers. A keysize of 1024 bits is recommended because
Why is client authentication broken after upgrading from
SSLeay version 0.8 to 0.9?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hash-symlinks"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#hash-symlinks"><b>L</b></a>]
<p>
The CA certificates under the path you configured with
<code>SSLCACertificatePath</code> are found by SSLeay through hash
<strong id="faq">
How can I convert a certificate from PEM to DER format?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#pem-to-der"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#pem-to-der"><b>L</b></a>]
<p>
The default certificate format for SSLeay/OpenSSL is PEM, which actually
is Base64 encoded DER with header and footer lines. For some applications
I try to install a Verisign certificate. Why can't I find neither the
<code>getca</code> nor <code>getverisign</code> programs Verisign mentions?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#verisign-getca"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#verisign-getca"><b>L</b></a>]
<p>
This is because Verisign has never provided specific instructions
for Apache+mod_ssl. Rather they tell you what you should do
Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global
ID) also with mod_ssl?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#gid"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#gid"><b>L</b></a>]
<p>
Yes, mod_ssl since version 2.1 supports the SGC facility. You don't have
to configure anything special for this, just use a Global ID as your
After I have installed my new Verisign Global ID server certificate, the
browsers complain that they cannot verify the server certificate?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#gid"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#gid"><b>L</b></a>]
<p>
That is because Verisign uses an intermediate CA certificate between
the root CA certificate (which is installed in the browsers) and
<strong id="faq">
Why do I get lots of random SSL protocol errors under heavy server load?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#random-errors"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#random-errors"><b>L</b></a>]
<p>
There can be a number of reasons for this, but the main one
is problems with the SSL session Cache specified by the
<strong id="faq">
Why has my webserver a higher load now that I run SSL there?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#load"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#load"><b>L</b></a>]
<p>
Because SSL uses strong cryptographic encryption and this needs a lot of
number crunching. And because when you request a webpage via HTTPS even
Often HTTPS connections to my server require up to 30 seconds for establishing
the connection, although sometimes it works faster?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#random"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#random"><b>L</b></a>]
<p>
Usually this is caused by using a <code>/dev/random</code> device for
<code>SSLRandomSeed</code> which is blocking in read(2) calls if not
<strong id="faq">
What SSL Ciphers are supported by mod_ssl?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#ciphers"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ciphers"><b>L</b></a>]
<p>
Usually just all SSL ciphers which are supported by the
version of OpenSSL in use (can depend on the way you built
I want to use Anonymous Diffie-Hellman (ADH) ciphers, but I always get ``no
shared cipher'' errors?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cipher-adh"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#cipher-adh"><b>L</b></a>]
<p>
In order to use Anonymous Diffie-Hellman (ADH) ciphers, it is not enough
to just put ``<code>ADH</code>'' into your <code>SSLCipherSuite</code>.
I always just get a 'no shared ciphers' error if
I try to connect to my freshly installed server?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cipher-shared"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#cipher-shared"><b>L</b></a>]
<p>
Either you have messed up your <code>SSLCipherSuite</code>
directive (compare it with the pre-configured example in
<strong id="faq">
Why can't I use SSL with name-based/non-IP-based virtual hosts?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts"><b>L</b></a>]
<p>
The reason is very technical. Actually it's some sort of a chicken and
egg problem: The SSL protocol layer stays below the HTTP protocol layer
still show the unlocked state when the dialog pops up. Does this mean the
username/password is still transmitted unencrypted?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#lock-icon"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#lock-icon"><b>L</b></a>]
<p>
No, the username/password is already transmitted encrypted. The icon in
Netscape browsers is just not really synchronized with the SSL/TLS layer
When I connect via HTTPS to an Apache+mod_ssl+OpenSSL server with Microsoft Internet
Explorer (MSIE) I get various I/O errors. What is the reason?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#io-ie"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#io-ie"><b>L</b></a>]
<p>
The first reason is that the SSL implementation in some MSIE versions has
some subtle bugs related to the HTTP keep-alive facility and the SSL close
get I/O errors and the message "Netscape has encountered bad data from the
server" What's the reason?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#io-ns"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#io-ns"><b>L</b></a>]
<p>
The problem usually is that you had created a new server certificate with
the same DN, but you had told your browser to accept forever the old
<strong id="faq">
What information resources are available in case of mod_ssl problems?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#resources"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#resources"><b>L</b></a>]
<p>
The following information resources are available.
In case of problems you should search here first.
<p>
<ol>
<li><em>Answers in the User Manual's F.A.Q. List (this)</em><br>
- <a href="http://www.modssl.org/docs/2.8/ssl_faq.html">
- http://www.modssl.org/docs/2.8/ssl_faq.html</a><br>
+ <a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html">
+ http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html</a><br>
First look inside the F.A.Q. (this text), perhaps your problem is such
popular that it was already answered a lot of times in the past.
<p>
<strong id="faq">
What support contacts are available in case of mod_ssl problems?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#contact"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#contact"><b>L</b></a>]
<p>
The following lists all support possibilities for mod_ssl, in order of
preference, i.e. start in this order and do not pick the support possibility
What information and details I've to provide to
the author when writing a bug report?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#report-details"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#report-details"><b>L</b></a>]
<p>
You have to at least always provide the following information:
<p>
<strong id="faq">
I got a core dump, can you help me?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-dumped"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#core-dumped"><b>L</b></a>]
<p>
In general no, at least not unless you provide more details about the code
location where Apache dumped core. What is usually always required in
<strong id="faq">
Ok, I got a core dump but how do I get a backtrace to find out the reason for it?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#report-backtrace"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#report-backtrace"><b>L</b></a>]
<p>
Follow the following steps:
<p>
this backtrace to the author.
</ol>
</ul>
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_glossary.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Glossary</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright © 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
+
+
+<p><!--#include virtual="footer.html" --> </p>
+ </body>
+</html>
\ No newline at end of file
-<html>
-<head>
-<title>mod_ssl: Glossary</title>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+<title>Apache SSL/TLS Encryption: Glossary</title>
<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
#H {
}
#D {
background-color: #f0f0f0;
}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
--></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-7.gif" alt="7" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
- </td>
- <td valign="top" align="right" width="250">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-gloss.gif" alt="Glossary" width="456" height="60">
- </td>
- </tr>
- </table>
+
+<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000">
+<!--#include virtual="header.html" -->
+
+<h1 align="CENTER">SSL/TLS Strong Encryption: Glossary</h1>
+
<div align="right">
<table cellspacing="0" cellpadding="0" width="300" summary="">
<tr>
</tr>
</table>
</div>
+
<dl>
<dt><div id="term">Authentication</div>
<dd>The positive identification of a network entity such as a server, a
<dd>An authentication certificate scheme recommended by the International
Telecommunication Union (ITU-T) which is used for SSL/TLS authentication.
</dl>
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
- </td>
- <td valign="top" align="right" width="250">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright © 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
+
+<p><!--#include virtual="footer.html" --> </p>
+ </body>
+</html>
\ No newline at end of file
-<html>
-<head>
-<title>mod_ssl: HowTo</title>
-
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+<title>Apache SSL/TLS Encryption: How-To</title>
<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
#H {
}
#D {
background-color: #f0f0f0;
}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
--></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_top_n = new Image();
- ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_top_o = new Image();
- ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_bot_n = new Image();
- ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_bot_o = new Image();
- ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-5.gif" alt="5" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-howto.gif" alt="HowTo" width="456" height="60">
- </td>
- </tr>
- </table>
+
+<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000">
+<!--#include virtual="header.html" -->
+
+<h1 align="CENTER">SSL/TLS Strong Encryption: How-To</h1>
+
+
<div align="right">
<table cellspacing="0" cellpadding="0" width="200" summary="">
<tr>
</tr>
</table>
</div>
+
<p>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr valign="bottom">
-<td>
-<img src="ssl_howto.gfont000.gif" alt="H" width="40" height="34" border="0" align="left">
-ow to solve particular security constraints for an SSL-aware webserver
+How to solve particular security constraints for an SSL-aware webserver
is not always obvious because of the coherences between SSL, HTTP and Apache's
way of processing requests. This chapter gives instructions on how to solve
such typical situations. Treat is as a first step to find out the final
solution, but always try to understand the stuff before you use it. Nothing is
worse than using a security solution without knowing it's restrictions and
coherences.
-</td>
-<td>
-
-</td>
-<td>
-<div align="right">
-<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" width="300" summary="">
-<tr>
-<td bgcolor="#333399">
-<font face="Arial,Helvetica" color="#ccccff">
-<b>Table Of Contents</b>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<font face="Arial,Helvetica" size="-1">
- <a href="#ToC1"><strong>Cipher Suites and Enforced Strong Security</strong></a><br>
- <a href="#ToC2"><strong>SSLv2 only server</strong></a><br>
- <a href="#ToC3"><strong>strong encryption only server</strong></a><br>
- <a href="#ToC4"><strong>server gated cryptography</strong></a><br>
- <a href="#ToC5"><strong>stronger per-directory requirements</strong></a><br>
- <a href="#ToC6"><strong>Client Authentication and Access Control</strong></a><br>
- <a href="#ToC7"><strong>simple certificate-based client authentication</strong></a><br>
- <a href="#ToC8"><strong>selective certificate-based client authentication</strong></a><br>
- <a href="#ToC9"><strong>particular certificate-based client authentication</strong></a><br>
- <a href="#ToC10"><strong>intranet vs. internet authentication</strong></a><br>
-</font>
-</td>
-</tr>
-</table>
-</div>
-</td>
-</tr>
-</table>
+
+<ul>
+<li><a href="#ToC1">Cipher Suites and Enforced Strong Security</a></li>
+<li><a href="#ToC2">SSLv2 only server</a></li>
+<li><a href="#ToC3">strong encryption only server</a></li>
+<li><a href="#ToC4">server gated cryptography</a></li>
+<li><a href="#ToC5">stronger per-directory requirements</a></li>
+<li><a href="#ToC6">Client Authentication and Access Control</a></li>
+<li><a href="#ToC7">simple certificate-based client authentication</a></li>
+<li><a href="#ToC8">selective certificate-based client authentication</a></li>
+<li><a href="#ToC9">particular certificate-based client authentication</a></li>
+<li><a href="#ToC10">intranet vs. internet authentication</a></li>
+</ul>
+
<h2><a name="ToC1">Cipher Suites and Enforced Strong Security</a></h2>
<ul>
<p>
<strong id="howto">
How can I create a real SSLv2-only server?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-sslv2"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#cipher-sslv2"><b>L</b></a>]
<p>
The following creates an SSL server which speaks only the SSLv2 protocol and
its ciphers.
<strong id="howto">
How can I create an SSL server which accepts strong encryption only?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-strong"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#cipher-strong"><b>L</b></a>]
<p>
The following enables only the seven strongest ciphers:
<p>
How can I create an SSL server which accepts strong encryption only,
but allows export browsers to upgrade to stronger encryption?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-sgc"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#cipher-sgc"><b>L</b></a>]
<p>
This facility is called Server Gated Cryptography (SGC) and details you can
find in the <code>README.GlobalID</code> document in the mod_ssl distribution.
How can I create an SSL server which accepts all types of ciphers in general,
but requires a strong ciphers for access to a particular URL?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-perdir"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#cipher-perdir"><b>L</b></a>]
<p>
Obviously you cannot just use a server-wide <code>SSLCipherSuite</code> which
restricts the ciphers to the strong variants. But mod_ssl allows you to
How can I authenticate clients based on certificates when I know all my
clients?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-simple"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#auth-simple"><b>L</b></a>]
<p>
When you know your user community (i.e. a closed user group situation), as
it's the case for instance in an Intranet, you can use plain certificate
How can I authenticate my clients for a particular URL based on certificates
but still allow arbitrary clients to access the remaining parts of the server?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-selective"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#auth-selective"><b>L</b></a>]
<p>
For this we again use the per-directory reconfiguration feature of mod_ssl:
<p>
on certificates but still allow arbitrary clients to access the remaining
parts of the server?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-particular"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#auth-particular"><b>L</b></a>]
<p>
The key is to check for various ingredients of the client certficate. Usually
this means to check the whole or part of the Distinguished Name (DN) of the
coming from the Internet but still allow plain HTTP access for clients on the
Intranet?
</strong>
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-intranet"><b>L</b></a>]
+ [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#auth-intranet"><b>L</b></a>]
<p>
Let us assume the Intranet can be distinguished through the IP network
192.160.1.0/24 and the subarea on the Intranet website has the URL
</tr>
</table>
</td>
+
<td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
</tr>
<tr>
</tr>
</table>
</ul>
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright © 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
+
+<p><!--#include virtual="footer.html" --> </p>
+ </body>
+</html>
\ No newline at end of file
-<html>
-<head>
-<title>mod_ssl: Introduction</title>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+<title>Apache SSL/TLS Encryption: An Introduction</title>
<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
#H {
}
#D {
background-color: #f0f0f0;
}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
--></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_top_n = new Image();
- ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_top_o = new Image();
- ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_bot_n = new Image();
- ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_bot_o = new Image();
- ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-2.gif" alt="2" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Overview</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-intro.gif" alt="Introduction" width="456" height="60">
- </td>
- </tr>
- </table>
+
+<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000">
+<!--#include virtual="header.html" -->
+
+<h1 align="CENTER">SSL/TLS Strong Encryption: An Introduction</h1>
+
<div align="right">
<table cellspacing="0" cellpadding="0" width="400" summary="">
<tr>
</table>
</div>
<p>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr valign="bottom">
-<td>
-<img src="ssl_intro.gfont000.gif" alt="A" width="37" height="35" border="0" align="left">
-s an introduction this chapter is aimed at readers who are familiar
+As an introduction this chapter is aimed at readers who are familiar
with the Web, HTTP, and Apache, but are not security experts. It is not
intended to be a definitive guide to the SSL protocol, nor does it discuss
specific techniques for managing certificates in an organization, or the
</td>
<td>
-<div align="right">
-<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary="">
-<tr>
-<td bgcolor="#333399">
-<font face="Arial,Helvetica" color="#ccccff">
-<b>Table Of Contents</b>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<font face="Arial,Helvetica" size="-1">
- <a href="#ToC1"><strong>Cryptographic Techniques</strong></a><br>
- <a href="#ToC2"><strong>Cryptographic Algorithms</strong></a><br>
- <a href="#ToC3"><strong>Message Digests</strong></a><br>
- <a href="#ToC4"><strong>Digital Signatures</strong></a><br>
- <a href="#ToC5"><strong>Certificates</strong></a><br>
- <a href="#ToC6"><strong>Certificate Contents</strong></a><br>
- <a href="#ToC7"><strong>Certificate Authorities</strong></a><br>
- <a href="#ToC8"><strong>Certificate Chains</strong></a><br>
- <a href="#ToC9"><strong>Creating a Root-Level CA</strong></a><br>
- <a href="#ToC10"><strong>Certificate Management</strong></a><br>
- <a href="#ToC11"><strong>Secure Sockets Layer (SSL)</strong></a><br>
- <a href="#ToC12"><strong>Session Establishment</strong></a><br>
- <a href="#ToC13"><strong>Key Exchange Method</strong></a><br>
- <a href="#ToC14"><strong>Cipher for Data Transfer</strong></a><br>
- <a href="#ToC15"><strong>Digest Function</strong></a><br>
- <a href="#ToC16"><strong>Handshake Sequence Protocol</strong></a><br>
- <a href="#ToC17"><strong>Data Transfer</strong></a><br>
- <a href="#ToC18"><strong>Securing HTTP Communication</strong></a><br>
- <a href="#ToC19"><strong>References</strong></a><br>
-</font>
-</td>
-</tr>
-</table>
-</div>
-</td>
-</tr>
-</table>
+
+<ul>
+<li><a href="#ToC1">Cryptographic Techniques</a></li>
+<li><a href="#ToC2">Cryptographic Algorithms</a></li>
+<li><a href="#ToC3">Message Digests</a></li>
+<li><a href="#ToC4">Digital Signatures</a></li>
+<li><a href="#ToC5">Certificates</a></li>
+<li><a href="#ToC6">Certificate Contents</a></li>
+<li><a href="#ToC7">Certificate Authorities</a></li>
+<li><a href="#ToC8">Certificate Chains</a></li>
+<li><a href="#ToC9">Creating a Root-Level CA</a></li>
+<li><a href="#ToC10">Certificate Management</a></li>
+<li><a href="#ToC11">Secure Sockets Layer (SSL)</a></li>
+<li><a href="#ToC12">Session Establishment</a></li>
+<li><a href="#ToC13">Key Exchange Method</a></li>
+<li><a href="#ToC14">Cipher for Data Transfer</a></li>
+<li><a href="#ToC15">Digest Function</a></li>
+<li><a href="#ToC16">Handshake Sequence Protocol</a></li>
+<li><a href="#ToC17">Data Transfer</a></li>
+<li><a href="#ToC18">Securing HTTP Communication</a></li>
+<li><a href="#ToC19">References</a></li>
+</ul>
+
<h2><a name="ToC1">Cryptographic Techniques</a></h2>
Understanding SSL requires an understanding of cryptographic algorithms,
message digest functions (aka. one-way or hash functions), and digital
href="ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt">
ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt</a>.
</ul>
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Overview</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright © 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
+<p><!--#include virtual="footer.html" --> </p>
+ </body>
</html>
projects / thirdparty / apache / httpd.git / commitdiff
