author | Kaspar Brand <kbrand@apache.org> | 2011-11-18 06:27:00 +0100 |
---|---|---|
committer | Kaspar Brand <kbrand@apache.org> | 2011-11-18 06:27:00 +0100 |
commit | 304e9c4c08227be0556cc497519e0efccbba6988 (patch) | |
tree | 5f94616b50da08a40d3433c5dd1b4428b1876296 /docs | |
parent | event no longer requires APR_POLLSET_THREADSAFE, or any (diff) | |
drop SSLv2 support (set SSL_OP_NO_SSLv2 for any new SSL_CTX)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1203491 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs')
-rw-r--r-- | docs/manual/mod/mod_ssl.xml | 28 | ||||
-rw-r--r-- | docs/manual/upgrading.xml | 3 |
2 files changed, 12 insertions, 19 deletions
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 3b342b47bf..041446961e 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -61,7 +61,7 @@ compatibility variables.</p> <th>Description:</th> </tr> <tr><td><code>HTTPS</code></td> <td>flag</td> <td>HTTPS is being used.</td></tr> -<tr><td><code>SSL_PROTOCOL</code></td> <td>string</td> <td>The SSL protocol version (SSLv2, SSLv3, TLSv1)</td></tr> +<tr><td><code>SSL_PROTOCOL</code></td> <td>string</td> <td>The SSL protocol version (SSLv3, TLSv1)</td></tr> <tr><td><code>SSL_SESSION_ID</code></td> <td>string</td> <td>The hex-encoded SSL session id</td></tr> <tr><td><code>SSL_SESSION_RESUMED</code></td> <td>string</td> <td>Initial or Resumed SSL Session. Note: multiple requests may be served over the same (Initial or Resumed) SSL session if HTTP KeepAlive is in use</td></tr> <tr><td><code>SSL_SECURE_RENEG</code></td> <td>string</td> <td><code>true</code> if secure renegotiation is supported, else <code>false</code></td></tr> @@ -563,7 +563,7 @@ by the applicable Security Policy. <directivesynopsis> <name>SSLProtocol</name> -<description>Configure usable SSL protocol versions</description> +<description>Configure usable SSL/TLS protocol versions</description> <syntax>SSLProtocol [+|-]<em>protocol</em> ...</syntax> <default>SSLProtocol all</default> <contextlist><context>server config</context> 
@@ -571,17 +571,11 @@ by the applicable Security Policy. <usage> <p> -This directive can be used to control which versions of the SSL protocol +This directive can be used to control which versions of the SSL/TLS protocol will be accepted in new connections.</p> <p> The available (case-insensitive) <em>protocol</em>s are:</p> <ul> -<li><code>SSLv2</code> - <p> - This is the Secure Sockets Layer (SSL) protocol, version 2.0. It is the - original SSL protocol as designed by Netscape Corporation. Though it's - use has been deprecated, because of weaknesses in the security of the protocol.</p></li> - <li><code>SSLv3</code> <p> This is the Secure Sockets Layer (SSL) protocol, version 3.0, from @@ -592,19 +586,17 @@ The available (case-insensitive) <em>protocol</em>s are:</p> <li><code>TLSv1</code> <p> This is the Transport Layer Security (TLS) protocol, version 1.0. It is the - successor to SSLv3 and is defined in <a href="http://www.ietf.org/rfc/rfc2246.txt">RFC2246</a>. - Which has been obsoleted by <a href="http://www.ietf.org/rfc/rfc4346.txt">RFC4346</a>.</p></li> + successor to SSLv3 and was originally defined in <a href="http://www.ietf.org/rfc/rfc2246.txt">RFC 2246</a> + (obsoleted by <a href="http://www.ietf.org/rfc/rfc4346.txt">RFC 4346</a> + and <a href="http://www.ietf.org/rfc/rfc5246.txt">RFC 5246</a> in + the meantime).</p></li> -<li><code>All</code> +<li><code>all</code> <p> - This is a shortcut for ``<code>+SSLv2 +SSLv3 +TLSv1</code>'' and a - convenient way for enabling all protocols except one when used in - combination with the minus sign on a protocol as the example above - shows.</p></li> + This is a shortcut for ``<code>+SSLv3 +TLSv1</code>''.</p></li> </ul> <example><title>Example</title> -# enable SSLv3 and TLSv1, but not SSLv2<br /> -SSLProtocol all -SSLv2 +SSLProtocol TLSv1 </example> </usage> </directivesynopsis> diff --git a/docs/manual/upgrading.xml b/docs/manual/upgrading.xml index 300fe19e5f..0b844516e4 100644 --- a/docs/manual/upgrading.xml 
+++ b/docs/manual/upgrading.xml @@ -294,7 +294,8 @@ <li><module>mod_ssl</module>: The default format of the <code>*_DN</code> variables has changed. The old format can still be used with the new <code>LegacyDNStringFormat</code> argument to <directive - module="mod_ssl">SSLOptions</directive>.</li> + module="mod_ssl">SSLOptions</directive>. The SSLv2 protocol is + no longer supported.</li> <li><program>htpasswd</program> now uses MD5 hash by default on all platforms.</li> |
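Review bot: In docs/manual/mod/mod_ssl.xml, hunk @@ -571,17, the SSLv2 list item is deleted without any statement of how an existing configuration that still names SSLv2 is treated. The example this patch removes, `SSLProtocol all -SSLv2`, is the form administrators are likely to have in their configs, so the usage text should say whether `SSLv2` and `-SSLv2` are still accepted as tokens or are now rejected when the configuration is parsed.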
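Review bot: In docs/manual/mod/mod_ssl.xml, hunk @@ -592,19, the replacement example `SSLProtocol TLSv1` no longer demonstrates the `[+|-]` form that the syntax line in the @@ -563,7 hunk still advertises, and the `all` entry loses its sentence about combining the shortcut with a minus sign. Suggest keeping one example that uses a minus sign (for instance `SSLProtocol all -SSLv3`) beside the TLSv1-only one. In the TLSv1 item of the same hunk, "obsoleted by RFC 4346 and RFC 5246 in the meantime" can be read as if the `TLSv1` token covered those documents; they define TLS 1.1 and TLS 1.2, so naming the versions would avoid that reading.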
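Review bot: In docs/manual/upgrading.xml, hunk @@ -294,7, the sentence "The SSLv2 protocol is no longer supported." is appended to the list item about the `*_DN` variable format, which is an unrelated change and easy to miss there. Suggest giving it its own mod_ssl list item and pointing it at the SSLProtocol directive, so that someone upgrading knows which configuration line to check.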