<li><img alt="" src="../images/down.gif" /> <a href="#sslcertificatefile">SSLCertificateFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslciphersuite">SSLCipherSuite</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#sslcryptodevice">SSLCryptoDevice</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslengine">SSLEngine</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#sslhonorcipherorder">SSLHonorCipherOrder</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslmutex">SSLMutex</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ssloptions">SSLOptions</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslpassphrasedialog">SSLPassPhraseDialog</a></li>
For backward compatibility there is additionally a special
``<code>%{</code><em>name</em><code>}c</code>'' cryptography format function
provided. Information about this function is provided in the <a href="../ssl/ssl_compat.html">Compatibility</a> chapter.</p>
-<p>
-Example:</p>
-<div class="example"><p><code>
+<div class="example"><h3>Example</h3><p><code>
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</code></p></div>
<tr><td><code>EXP-ADH-RC4-MD5</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
</table>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSLCryptoDevice" id="SSLCryptoDevice">SSLCryptoDevice</a> <a name="sslcryptodevice" id="sslcryptodevice">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable use of a cryptographic hardware accelerator</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLCryptoDevice <em>engine</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLCryptoDevice builtin</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if mod_ssl is built using <code>-DSSL_ENGINE_EXPERIMENTAL</code></td></tr>
+</table>
+<p>
+This directive enables use of a cryptographic hardware accelerator
+board to offload some of the SSL processing overhead. This directive
+can only be used if the SSL toolkit is built with "engine" support;
+OpenSSL 0.9.7 and later releases have "engine" support by default, the
+separate "-engine" releases of OpenSSL 0.9.6 must be used.</p>
+
+<p>To discover which engine names are supported, run the command
+"<code>openssl engine</code>".</p>
+
+<div class="example"><h3>Example</h3><p><code>
+# For a Broadcom accelerator:<br />
+SSLCryptoDevice ubsec
+</code></p></div>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLEngine" id="SSLEngine">SSLEngine</a> <a name="sslengine" id="sslengine">Directive</a></h2>
</VirtualHost>
</code></p></div>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSLHonorCipherOrder" id="SSLHonorCipherOrder">SSLHonorCipherOrder</a> <a name="sslhonorcipherorder" id="sslhonorcipherorder">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Option to prefer the server's cipher preference order</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLHonorCiperOrder <em>flag</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.1 and later, if using OpenSSL 0.9.7 or later</td></tr>
+</table>
+<p>When choosing a cipher during an SSLv3 or TLSv1 handshake, normally
+the client's preference is used. If this directive is enabled, the
+server's preference will be used instead.</p>
+<div class="example"><h3>Example</h3><p><code>
+SSLHonorCipherOrder on
+</code></p></div>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLMutex" id="SSLMutex">SSLMutex</a> <a name="sslmutex" id="sslmutex">Directive</a></h2>
The reuse-algorithm above is used here, too. In other words: The external
program is called only once per unique Pass Phrase.</p></li>
</ul>
-<p>
-Example:</p>
-<div class="example"><p><code>
+<div class="example"><h3>Example</h3><p><code>
SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
</code></p></div>
<div class="warning">
<p>Currently there is no support for encrypted private keys</p>
</div>
-<p>
-Example:</p>
-<div class="example"><p><code>
+<div class="example"><h3>Example</h3><p><code>
SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem
</code></p></div>
<div class="warning">
<p>Currently there is no support for encrypted private keys</p>
</div>
-<p>
-Example:</p>
-<div class="example"><p><code>
+<div class="example"><h3>Example</h3><p><code>
SSLProxyMachineCertificatePath /usr/local/apache2/conf/proxy.crt/
</code></p></div>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.1 and later</td></tr>
</table>
<p>
-
This directive sets the "user" field in the Apache request object.
This is used by lower modules to identify the user with a character
string. In particular, this may cause the environment variable
-<code>REMOTE_USER</code> to be set. The <code>varname</code> can be
+<code>REMOTE_USER</code> to be set. The <em>varname</em> can be
any of the <a href="#envvars">SSL environment variables</a>.</p>
<div class="example"><h3>Example</h3><p><code>
SSLUserName SSL_CLIENT_S_DN_CN