From: Stefan Eissing Date: Wed, 16 Aug 2017 14:02:51 +0000 (+0000) Subject: On the trunk: X-Git-Tag: 2.5.0-alpha~207 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=590f9ee9f3abb6b4fb038cc513b11a552d0ea003;p=apache On the trunk: mod_ssl.xml: use of new section directive ids, tweaking examples and some language. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1805201 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 70b65947ce..1e62f9859e 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -2823,10 +2823,10 @@ SSLOpenSSLConfCmd SignatureAlgorithms RSA+SHA384:ECDSA+SHA256

This directive defines a set of SSL* configurations under and gives it a name. This name can be used in the directives -SSLPolicyUse and SSLProxyPolicy +SSLPolicy and SSLProxyPolicy to apply this configuration set in the current context.

-Examples +Define and Use of a Policy <SSLPolicy safe-stapling> SSLUseStapling on @@ -2855,7 +2855,7 @@ compatible and securely with current browsers.

by running the following command. This list shows you the detailed configurations each policy is made of:

-Examples +List all Defined Policies > httpd -t -D DUMP_SSL_POLICIES @@ -2865,7 +2865,7 @@ detailed configurations each policy is made of:

there cannot be two policies with the same name. However, policies can be redefined:

-Examples +Policy Overwrite <SSLPolicy proxy-trust> SSLProxyVerify require @@ -2878,15 +2878,15 @@ be redefined:

Policy definitions are added in the order they appear, but are -applied when the whole configuration is read. This means that any +applied when the whole configuration has been read. This means that any use of 'proxy-trust' will mean 'SSLProxyVerify none'. The first definition -has no effect at all. You can replace policy definitions that have been -pre-installed without the need to disable them.

+has no effect at all. That allows pre-installed policies to be replaced +without the need to disable them.

Additional to replacing policies, redefinitions may just alter an aspect of a policy:

-Examples +Policy Redefine <SSLPolicy proxy-trust> SSLProxyVerify require @@ -2902,11 +2902,11 @@ an aspect of a policy:

This re-uses all settings from the previous 'proxy-trust' and adds one directive on top of it. All others still apply. This is very handy when pre-defined policies (from Apache itself or a distributor) -that almost fit ones needs. Previously, such definitions were +that almost what you need. Previously, such definitions were (copied and) edited. This made updating them difficult. Now they can be setup like this:

-Examples +Tweak a Pre-Defined Policy Include ssl-policies.conf @@ -2921,7 +2921,7 @@ Include ssl-policies.conf -SSLPolicyUse +SSLPolicy Apply a SSLPolicy by name SSLPolicy name server config @@ -2935,7 +2935,7 @@ settings in the current context. That means that any other SSL* directives you make in the same context remain effective. So, the effective SSLProtocol value in the following settings are:

-Examples +Policy Precedence <VirtualHost...> # effective: 'all' SSLPolicy modern @@ -2962,7 +2962,7 @@ you make in the same context remain effective. So, the effective

There can be more than one policy applied in a context. The later ones overshadowing the earlier ones:

-Examples +Policy Ordering <VirtualHost...> # effective: 'intermediate > modern' SSLPolicy modern @@ -2988,11 +2988,11 @@ later ones overshadowing the earlier ones:

Available in httpd 2.4.28 and later -

This directive is similar to SSLPolicyUse, but +

This directive is similar to SSLPolicy, but applies only the SSLProxy* directives defined in the policy. This helps when you need different policies for front and backends:

-Examples +Another Policies for Proxy Only SSLPolicy modern SSLProxyPolicy intermediate