<li><img alt="" src="../images/down.gif" /> <a href="#ssloptions">SSLOptions</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslpassphrasedialog">SSLPassPhraseDialog</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslpolicysection"><SSLPolicy></a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#sslpolicyuse">SSLPolicyUse</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#sslpolicy">SSLPolicy</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslprotocol">SSLProtocol</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslproxycacertificatefile">SSLProxyCACertificateFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslproxycacertificatepath">SSLProxyCACertificatePath</a></li>
</table>
<p>This directive defines a set of SSL* configurations under
and gives it a name. This name can be used in the directives
-<code class="directive">SSLPolicyUse</code> and <code class="directive">SSLProxyPolicy</code>
+<code class="directive">SSLPolicy</code> and <code class="directive">SSLProxyPolicy</code>
to apply this configuration set in the current context.</p>
-<div class="example"><h3>
Examples</h3><pre class="prettyprint lang-config"><SSLPolicy safe-stapling>
+<div class="example"><h3>
Define and Use of a Policy</h3><pre class="prettyprint lang-config"><SSLPolicy safe-stapling>
SSLUseStapling on
SSLStaplingResponderTimeout 2
SSLStaplingReturnResponderErrors off
by running the following command. This list shows you the
detailed configurations each policy is made of:</p>
-<div class="example"><h3>
Examples</h3><pre class="prettyprint lang-sh">> httpd -t -D DUMP_SSL_POLICIES</pre>
+<div class="example"><h3>
List all Defined Policies</h3><pre class="prettyprint lang-sh">> httpd -t -D DUMP_SSL_POLICIES</pre>
</div>
<p>The directive can only be used in the server config (global context), so
there cannot be two policies with the same name. However, policies can
be redefined:</p>
-<div class="example"><h3>
Examples</h3><pre class="prettyprint lang-config"><SSLPolicy proxy-trust>
+<div class="example"><h3>
Policy Overwrite</h3><pre class="prettyprint lang-config"><SSLPolicy proxy-trust>
SSLProxyVerify require
</SSLPolicy>
...
</div>
<p>Policy definitions are <em>added</em> in the order they appear, but are
-<em>applied</em> when the whole configuration is read. This means that any
+<em>applied</em> when the whole configuration has been read. This means that any
use of 'proxy-trust' will mean 'SSLProxyVerify none'. The first definition
-has no effect at all. You can replace policy definitions that have been
-pre-installed without the need to disable them.</p>
+has no effect at all. That allows pre-installed policies to be replaced
+without the need to disable them.</p>
<p>Additional to replacing policies, redefinitions may just alter
an aspect of a policy:</p>
-<div class="example"><h3>
Examples</h3><pre class="prettyprint lang-config"><SSLPolicy proxy-trust>
+<div class="example"><h3>
Policy Redefine</h3><pre class="prettyprint lang-config"><SSLPolicy proxy-trust>
SSLProxyVerify require
</SSLPolicy>
...
<p>This re-uses all settings from the previous 'proxy-trust' and adds
one directive on top of it. All others still apply. This is very handy
when pre-defined policies (from Apache itself or a distributor)
-that <em>almost</em> fit ones needs. Previously, such definitions were
+that <em>almost</em> what you need. Previously, such definitions were
(copied and) edited. This made updating them difficult. Now they can
be setup like this:</p>
-<div class="example"><h3>
Examples</h3><pre class="prettyprint lang-config">Include ssl-policies.conf
+<div class="example"><h3>
Tweak a Pre-Defined Policy</h3><pre class="prettyprint lang-config">Include ssl-policies.conf
<SSLPolicy modern>
SSLPolicy modern
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="SSLPolicyUse" id="SSLPolicyUse">SSLPolicyUse</a> <a name="sslpolicyuse" id="sslpolicyuse">Directive</a></h2>
+<div class="directive-section"><h2><a name="SSLPolicy" id="SSLPolicy">SSLPolicy</a> <a name="sslpolicy" id="sslpolicy">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Apply a SSLPolicy by name</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLPolicy <em>name</em></code></td></tr>
you make in the same context remain effective. So, the effective
<code class="directive">SSLProtocol</code> value in the following settings are:</p>
-<div class="example"><h3>
Examples</h3><pre class="prettyprint lang-config"> <VirtualHost...> # effective: 'all'
+<div class="example"><h3>
Policy Precedence</h3><pre class="prettyprint lang-config"> <VirtualHost...> # effective: 'all'
SSLPolicy modern
SSLProtocol all
</VirtualHost>
<p>There can be more than one policy applied in a context. The
later ones overshadowing the earlier ones:</p>
-<div class="example"><h3>
Examples</h3><pre class="prettyprint lang-config"> <VirtualHost...> # effective: 'intermediate > modern'
+<div class="example"><h3>
Policy Ordering</h3><pre class="prettyprint lang-config"> <VirtualHost...> # effective: 'intermediate > modern'
SSLPolicy modern
SSLPolicy intermediate
</VirtualHost>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.4.28 and later</td></tr>
</table>
-<p>This directive is similar to <code class="directive">SSLPolicyUse</code>, but
+<p>This directive is similar to <code class="directive">SSLPolicy</code>, but
applies only the SSLProxy* directives defined in the policy. This helps
when you need different policies for front and backends:</p>
-<div class="example"><h3>
Examples</h3><pre class="prettyprint lang-config">SSLPolicy modern
+<div class="example"><h3>
Another Policies for Proxy Only</h3><pre class="prettyprint lang-config">SSLPolicy modern
SSLProxyPolicy intermediate</pre>
</div>
<tr><td><a href="mod_ssl.html#ssloptions">SSLOptions [+|-]<em>option</em> ...</a></td><td></td><td>svdh</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure various SSL engine run-time options</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslpassphrasedialog">SSLPassPhraseDialog <em>type</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Type of pass phrase dialog for encrypted private
keys</td></tr>
-<tr><td><a href="mod_ssl.html#sslpolicy"><SSLPolicy <em>name</em>></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Define a named set of SSL configurations</td></tr>
-<tr class="odd"><td><a href="mod_ssl.html#sslpolicyuse">SSLPolicy <em>name</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Apply a SSLPolicy by name</td></tr>
+<tr><td><a href="mod_ssl.html#sslpolicy"><SSLPolicy <em>name</em>>SSLPolicy <em>name</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Define a named set of SSL configurationsApply a SSLPolicy by name</td></tr>
+<tr class="odd"><td><a href="mod_ssl.html#sslpolicy"><SSLPolicy <em>name</em>>SSLPolicy <em>name</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Define a named set of SSL configurationsApply a SSLPolicy by name</td></tr>
<tr><td><a href="mod_ssl.html#sslprotocol">SSLProtocol [+|-]<em>protocol</em> ...</a></td><td> all -SSLv3 </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL/TLS protocol versions</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslproxycacertificatefile">SSLProxyCACertificateFile <em>file-path</em></a></td><td></td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA Certificates
for Remote Server Auth</td></tr>
projects / apache / commitdiff