From: Yann Ylavic Date: Fri, 4 Apr 2014 13:18:26 +0000 (+0000) Subject: Remerge r1584555 but without the changes on (un-backportable) SSLOCSPUseRequestNonce. X-Git-Tag: 2.5.0-alpha~4357 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=deb7a7069ef8e010ab8ece04357c2e33f420eda1;p=apache Remerge r1584555 but without the changes on (un-backportable) SSLOCSPUseRequestNonce. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1584653 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 004a208213..6096bf33b6 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -2125,7 +2125,6 @@ SSLUserName SSL_CLIENT_S_DN_CN SSLHonorCipherOrder off server config virtual host -Available if using OpenSSL 0.9.7 or later

When choosing a cipher during an SSLv3 or TLSv1 handshake, normally @@ -2173,7 +2172,6 @@ SSLCryptoDevice ubsec SSLOCSPEnable off server config virtual host -Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option enables OCSP validation of the client certificate @@ -2204,7 +2202,6 @@ SSLOCSPOverrideResponder on SSLOCSDefaultResponder uri server config virtual host -Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option sets the default OCSP responder to use. If SSLOCSPOverrideResponder off server config virtual host -Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option forces the configured default OCSP responder to be used @@ -2237,7 +2233,6 @@ certificate being validated references an OCSP responder.

SSLOCSPResponseTimeSkew 300 server config virtual host -Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option sets the maximum allowable time skew for OCSP responses @@ -2252,7 +2247,6 @@ certificate being validated references an OCSP responder.

SSLOCSPResponseMaxAge -1 server config virtual host -Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option sets the maximum allowable age ("freshness") for OCSP responses. @@ -2269,7 +2263,6 @@ which means that OCSP responses are considered valid as long as their SSLOCSPResponderTimeout 10 server config virtual host -Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option sets the timeout for queries to OCSP responders, when @@ -2345,7 +2338,7 @@ supported for a given SSL connection.

SSLUseStapling off server config virtual host -Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later +Available if using OpenSSL 0.9.8h or later

This option enables OCSP stapling, as defined by the "Certificate @@ -2373,7 +2366,7 @@ stated goal of "saving roundtrips and resources" - see also Configures the OCSP stapling cache SSLStaplingCache type server config -Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later +Available if using OpenSSL 0.9.8h or later

Configures the cache used to store OCSP responses which get included @@ -2392,7 +2385,7 @@ the same storage types are supported as with SSLStaplingResponseTimeSkew 300 server config virtual host -Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later +Available if using OpenSSL 0.9.8h or later

This option sets the maximum allowable time skew when mod_ssl checks the @@ -2409,7 +2402,7 @@ if SSLUseStapling is turned on.

SSLStaplingResponderTimeout 10 server config virtual host -Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later +Available if using OpenSSL 0.9.8h or later

This option sets the timeout for queries to OCSP responders when @@ -2425,7 +2418,7 @@ and mod_ssl is querying a responder for OCSP stapling purposes.

SSLStaplingResponseMaxAge -1 server config virtual host -Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later +Available if using OpenSSL 0.9.8h or later

This option sets the maximum allowable age ("freshness") when @@ -2444,7 +2437,7 @@ which means that OCSP responses are considered valid as long as their SSLStaplingStandardCacheTimeout 3600 server config virtual host -Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later +Available if using OpenSSL 0.9.8h or later

Sets the timeout in seconds before responses in the OCSP stapling cache @@ -2463,7 +2456,7 @@ used for controlling the timeout for invalid/unavailable responses. SSLStaplingReturnResponderErrors on server config virtual host -Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later +Available if using OpenSSL 0.9.8h or later

When enabled, mod_ssl will pass responses from unsuccessful @@ -2480,7 +2473,7 @@ for failed queries will be included in the TLS handshake.

SSLStaplingFakeTryLater on server config virtual host -Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later +Available if using OpenSSL 0.9.8h or later

When enabled and a query to an OCSP responder for stapling @@ -2498,7 +2491,7 @@ is also enabled.

SSLStaplingErrorCacheTimeout 600 server config virtual host -Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later +Available if using OpenSSL 0.9.8h or later

Sets the timeout in seconds before invalid responses @@ -2515,7 +2508,7 @@ To set the cache timeout for valid responses, see SSLStaplingForceURL uri server config virtual host -Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later +Available if using OpenSSL 0.9.8h or later

This directive overrides the URI of an OCSP responder as obtained from