Changes with Apache 2.1.7
[Remove entries to the current 2.0 section below, when backported]
- *) Add additional SSLSessionCache option, 'internal', which makes
- mod_ssl just use OpenSSL's own internal session ID cache. Useful
- when one needs to disable any external, shared caches but
- requires the server to send non-null session IDs.
- [Jim Jagielski]
+ *) Add additional SSLSessionCache option, 'nonenotnull', which is
+ similar to 'none' (disabling any external shared cache) but forces
+ OpenSSL to provide a non-null session ID. [Jim Jagielski]
*) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
[Paul Querna]
using certain browsers, particularly if client certificates are
enabled. This setting is not recommended.</p></li>
-<li><code>internal</code>
+<li><code>nonenotnull</code>
<p>This disables any global/inter-process Session Cache. However
- it does allow OpenSSL to use its own internal session cache. This in
- mainly useful in situations where a global cache cannot be used
- but the client requires a non-null session ID.</p></li>
+ it does force OpenSSL to send a non-null session ID to
+ accommodate buggy clients that require one.</p></li>
<li><code>dbm:/path/to/datafile</code>
using certain browsers, particularly if client certificates are
enabled. This setting is not recommended.</p></li>
-<li><code>internal</code>
+<li><code>nonenotnull</code>
<p>This disables any global/inter-process Session Cache. However
- it does allow OpenSSL to use its own internal session cache. This in
- mainly useful in situations where a global cache cannot be used
- but the client requires a non-null session ID.</p></li>
+ it does force OpenSSL to send a non-null session ID to
+ accommodate buggy clients that require one.</p></li>
<li><code>dbm:/path/to/datafile</code>
"or `exec:/path/to/cgi_program')")
SSL_CMD_SRV(SessionCache, TAKE1,
"SSL Session Cache storage "
- "(`none', `internal', `dbm:/path/to/file')")
+ "(`none', `nonenotnull', `dbm:/path/to/file')")
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
SSL_CMD_SRV(CryptoDevice, TAKE1,
"SSL external Crypto Device usage "
mc->nSessionCacheMode = SSL_SCMODE_NONE;
mc->szSessionCacheDataFile = NULL;
}
- else if (strcEQ(arg, "internal")) {
- mc->nSessionCacheMode = SSL_SCMODE_OPENSSL_INTERNAL;
+ else if (strcEQ(arg, "nonenotnull")) {
+ mc->nSessionCacheMode = SSL_SCMODE_NONE_NOT_NULL;
mc->szSessionCacheDataFile = NULL;
}
else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
SSL_SCMODE_DBM = 1,
SSL_SCMODE_SHMCB = 3,
SSL_SCMODE_DC = 4,
- SSL_SCMODE_OPENSSL_INTERNAL = 5
+ SSL_SCMODE_NONE_NOT_NULL = 5
} ssl_scmode_t;
/*
projects / apache / commitdiff