<p>The above connection states are managed by the listener thread via dedicated queues, that up to 2.4.27 were checked every 100ms
to find which connections hit timeout settings like <code class="directive"><a href="../mod/mpm_common.html#timeout">Timeout</a></code> and
<code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code>. This was a simple and efficient solution, but it presented a downside: the pollset was
- forcing a wake-up of the listener thread even if there was no need (for example because completely idle), wasting resources. From 2.4.27
+ forcing a wake-up of the listener thread even if there was no need (for example because completely idle), wasting resources. From 2.4.28
these queues are completely managed via an event based logic, not relying anymore on active polling.
Resource constrained environments, like embedded servers, may benefit from this improvement.</p>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1772512 -->
+<!-- English Revision: 1772512:1807868 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<div class="directive-section"><h2><a name="SSLEngine" id="SSLEngine">SSLEngine</a> <a name="sslengine" id="sslengine">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>SSL Engine Operation Switch</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLEngine on|off|optional</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLEngine on|off|optional|addr[:port] [addr[:port]] ...</code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLEngine off</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>The <code>addr:port</code> parameter is available in Apache 2.4.28 and later.</td></tr>
</table>
<p>
-This directive toggles the usage of the SSL/TLS Protocol Engine. This
-
is should be used inside a <code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code> section to enable SSL/TLS for a
+This directive toggles the usage of the SSL/TLS Protocol Engine. Values 'on',
+
'off' and 'optional' should be used inside a <code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code> section to enable SSL/TLS for a
that virtual host. By default the SSL/TLS Protocol Engine is
disabled for both the main server and all configured virtual hosts.</p>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config"><VirtualHost _default_:443>
#...
</VirtualHost></pre>
</div>
-<p>In Apache 2.1 and later, <code class="directive">SSLEngine</code> can be set to
-<code>optional</code>. This enables support for
-<a href="http://www.ietf.org/rfc/rfc2817.txt">RFC 2817</a>, Upgrading to TLS
-Within HTTP/1.1. At this time no web browsers support RFC 2817.</p>
+<p>The <code>addr:port</code> values should be used in the
+global server to enable the SSL/TLS Protocol Engine for <em>all</em>
+<code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code>s
+that match one of the addresses in the list.</p>
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLEngine *:443
+<VirtualHost *:443>
+#...
+</VirtualHost></pre>
+</div>
+<p><code class="directive">SSLEngine</code> can be set to <code>optional</code>:
+this enables support for
+<a href="http://www.ietf.org/rfc/rfc2817.txt">RFC 2817</a>.
+</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
handshake</td></tr>
<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable compression on the SSL level</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice <em>engine</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable use of a cryptographic hardware accelerator</td></tr>
-<tr><td><a href="mod_ssl.html#sslengine">SSLEngine on|off|optional</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
+<tr><td><a href="mod_ssl.html#sslengine">SSLEngine on|off|optional|addr[:port] [addr[:port]] ...</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslfips">SSLFIPS on|off</a></td><td> off </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">SSL FIPS mode Switch</td></tr>
<tr><td><a href="mod_ssl.html#sslhonorcipherorder">SSLHonorCipherOrder on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Option to prefer the server's cipher preference order</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslinsecurerenegotiation">SSLInsecureRenegotiation on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Option to enable support for insecure renegotiation</td></tr>
projects / apache / commitdiff