From: Kaspar Brand <kbrand@apache.org>
Date: Fri, 18 Nov 2011 17:37:36 +0000 (+0000)
Subject: update transformations
X-Git-Tag: 2.5.0-alpha~7862
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c0d91dd1a972e645015c1c7b9cb3a5434ca51af5;p=apache

update transformations

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1203761 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
index d0950d3be1..8d31e719c0 100644
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -130,7 +130,7 @@ compatibility variables.</p>
  <th>Description:</th>
 </tr>
 <tr><td><code>HTTPS</code></td>                         <td>flag</td>      <td>HTTPS is being used.</td></tr>
-<tr><td><code>SSL_PROTOCOL</code></td>                  <td>string</td>    <td>The SSL protocol version (SSLv2, SSLv3, TLSv1)</td></tr>
+<tr><td><code>SSL_PROTOCOL</code></td>                  <td>string</td>    <td>The SSL protocol version (SSLv3, TLSv1)</td></tr>
 <tr><td><code>SSL_SESSION_ID</code></td>                <td>string</td>    <td>The hex-encoded SSL session id</td></tr>
 <tr><td><code>SSL_SESSION_RESUMED</code></td>           <td>string</td>    <td>Initial or Resumed SSL Session.  Note: multiple requests may be served over the same (Initial or Resumed) SSL session if HTTP KeepAlive is in use</td></tr>
 <tr><td><code>SSL_SECURE_RENEG</code></td>              <td>string</td>    <td><code>true</code> if secure renegotiation is supported, else <code>false</code></td></tr>
@@ -1184,7 +1184,7 @@ SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="SSLProtocol" id="SSLProtocol">SSLProtocol</a> <a name="sslprotocol" id="sslprotocol">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configure usable SSL protocol versions</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configure usable SSL/TLS protocol versions</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProtocol [+|-]<em>protocol</em> ...</code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProtocol all</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
@@ -1192,17 +1192,11 @@ SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
 </table>
 <p>
-This directive can be used to control which versions of the SSL protocol
+This directive can be used to control which versions of the SSL/TLS protocol
 will be accepted in new connections.</p>
 <p>
 The available (case-insensitive) <em>protocol</em>s are:</p>
 <ul>
-<li><code>SSLv2</code>
-    <p>
-    This is the Secure Sockets Layer (SSL) protocol, version 2.0. It is the
-    original SSL protocol as designed by Netscape Corporation.  Though it's
-    use has been deprecated, because of weaknesses in the security of the protocol.</p></li>
-
 <li><code>SSLv3</code>
     <p>
     This is the Secure Sockets Layer (SSL) protocol, version 3.0, from
@@ -1213,19 +1207,17 @@ The available (case-insensitive) <em>protocol</em>s are:</p>
 <li><code>TLSv1</code>
     <p>
     This is the Transport Layer Security (TLS) protocol, version 1.0. It is the
-    successor to SSLv3 and is defined in <a href="http://www.ietf.org/rfc/rfc2246.txt">RFC2246</a>.
-    Which has been obsoleted by <a href="http://www.ietf.org/rfc/rfc4346.txt">RFC4346</a>.</p></li>
+    successor to SSLv3 and was originally defined in <a href="http://www.ietf.org/rfc/rfc2246.txt">RFC 2246</a>
+    (obsoleted by <a href="http://www.ietf.org/rfc/rfc4346.txt">RFC 4346</a>
+    and <a href="http://www.ietf.org/rfc/rfc5246.txt">RFC 5246</a> in
+    the meantime).</p></li>
 
-<li><code>All</code>
+<li><code>all</code>
     <p>
-    This is a shortcut for ``<code>+SSLv2 +SSLv3 +TLSv1</code>'' and a
-    convenient way for enabling all protocols except one when used in
-    combination with the minus sign on a protocol as the example above
-    shows.</p></li>
+    This is a shortcut for ``<code>+SSLv3 +TLSv1</code>''.</p></li>
 </ul>
 <div class="example"><h3>Example</h3><p><code>
-#   enable SSLv3 and TLSv1, but not SSLv2<br />
-SSLProtocol all -SSLv2
+SSLProtocol TLSv1
 </code></p></div>
 
 </div>
diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en
index 7425e6b18c..b82ada03b0 100644
--- a/docs/manual/mod/quickreference.html.en
+++ b/docs/manual/mod/quickreference.html.en
@@ -886,7 +886,7 @@ handshake</td></tr>
 <tr><td><a href="mod_ssl.html#ssloptions">SSLOptions [+|-]<em>option</em> ...</a></td><td></td><td>svdh</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure various SSL engine run-time options</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslpassphrasedialog">SSLPassPhraseDialog <em>type</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Type of pass phrase dialog for encrypted private
 keys</td></tr>
-<tr><td><a href="mod_ssl.html#sslprotocol">SSLProtocol [+|-]<em>protocol</em> ...</a></td><td> all </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL protocol versions</td></tr>
+<tr><td><a href="mod_ssl.html#sslprotocol">SSLProtocol [+|-]<em>protocol</em> ...</a></td><td> all </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL/TLS protocol versions</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslproxycacertificatefile">SSLProxyCACertificateFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA Certificates
 for Remote Server Auth</td></tr>
 <tr><td><a href="mod_ssl.html#sslproxycacertificatepath">SSLProxyCACertificatePath <em>directory-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Directory of PEM-encoded CA Certificates for
diff --git a/docs/manual/ssl/ssl_howto.html.en b/docs/manual/ssl/ssl_howto.html.en
index 1c40482aab..fc4be6d5df 100644
--- a/docs/manual/ssl/ssl_howto.html.en
+++ b/docs/manual/ssl/ssl_howto.html.en
@@ -68,21 +68,18 @@ only?</a></h3>
 
     <p>The following enables only the strongest ciphers:</p>
     <div class="example"><h3>httpd.conf</h3><p><code>
-      SSLProtocol all -SSLv2<br />
-      SSLCipherSuite HIGH:!aNULL:!EXP:!MD5:!NULL<br />
+      SSLCipherSuite HIGH:!aNULL:!MD5<br />
     </code></p></div>
 
-    <p>While with the following configuration you enable two ciphers
-    which are resonably secure, and fast:</p>
+    <p>While with the following configuration you specify a preference
+    for specific speed-optimized ciphers (which will be selected by
+    mod_ssl, provided that they are supported by the client):</p>
 
     <div class="example"><h3>httpd.conf</h3><p><code>
-      SSLProtocol all -SSLv2<br />
-      SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!EXP:!MD5:!NULL<br />
+      SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5<br />
       SSLHonorCipherOrder on
     </code></p></div>
 
-    <p>This strongly reflects the default value of <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code> and is the recommanded way to configure it.</p>
-
 
 <h3><a name="strongurl" id="strongurl">How can I create an SSL server which accepts all types of ciphers
 in general, but requires a strong ciphers for access to a particular
@@ -101,7 +98,7 @@ URL?</a></h3>
       &lt;Location /strong/area&gt;<br />
       # but https://hostname/strong/area/ and below<br />
       # requires strong ciphers<br />
-      SSLCipherSuite HIGH:!aNULL:!EXP:!MD5:!NULL<br />
+      SSLCipherSuite HIGH:!aNULL:!MD5<br />
       &lt;/Location&gt;
     </code></p></div>
 
diff --git a/docs/manual/upgrading.html.en b/docs/manual/upgrading.html.en
index 268f52f174..56b7383c62 100644
--- a/docs/manual/upgrading.html.en
+++ b/docs/manual/upgrading.html.en
@@ -277,7 +277,8 @@
 
       <li><code class="module"><a href="./mod/mod_ssl.html">mod_ssl</a></code>: The default format of the <code>*_DN</code>
       variables has changed. The old format can still be used with the new
-      <code>LegacyDNStringFormat</code> argument to <code class="directive"><a href="./mod/mod_ssl.html#ssloptions">SSLOptions</a></code>.</li>
+      <code>LegacyDNStringFormat</code> argument to <code class="directive"><a href="./mod/mod_ssl.html#ssloptions">SSLOptions</a></code>. The SSLv2 protocol is
+      no longer supported.</li>
 
       <li><code class="program"><a href="./programs/htpasswd.html">htpasswd</a></code> now uses MD5 hash by default on
       all platforms.</li>

Description:	Configure usable SSL protocol versions
Description:	Configure usable SSL/TLS protocol versions
Syntax:	`SSLProtocol [+\|-]protocol ...`
Default:	`SSLProtocol all`
Context:	server config, virtual host
Module:	mod_ssl