From 5c6e6f233d81c71eff70e04fb215b89c7a409a92 Mon Sep 17 00:00:00 2001 From: Luca Toscano Date: Thu, 17 Aug 2017 15:30:07 +0000 Subject: [PATCH] documentation rebuild git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1805303 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_ssl.html.en | 69 ++++++++++++++++++++------------- docs/manual/mod/mod_ssl.xml.fr | 2 +- 2 files changed, 43 insertions(+), 28 deletions(-) diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index c9ad842d09..a69fb17ba6 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -1489,7 +1489,7 @@ compatible and securely with current browsers.

by running the following command. This list shows you the detailed configurations each policy is made of:

-

List all Defined Policies

> httpd -t -D DUMP_SSL_POLICIES
+

List all Defined Policies

httpd -t -D DUMP_SSL_POLICIES

The directive can only be used in the server config (global context), so @@ -1553,43 +1553,58 @@ be setup like this:

This directive applies the set of SSL* directives defined under 'name' (see <SSLPolicy>) as the base -settings in the current context. That means that any other SSL* directives -you make in the same context remain effective. So, the effective -SSLProtocol value in the following settings are:

+settings in the current context. Apache comes with the following pre-defined policies from +Mozilla, the makers of the Firefox browser +(see here +for a detailed description by them.): +

+ -

Policy Precedence

   <VirtualHost...> # effective: 'all'
-      SSLPolicy modern
-      SSLProtocol all
-   </VirtualHost>
+
You can check the detailed description of all defined policies via the command line:

+
List all Defined Policies
httpd -t -D DUMP_SSL_POLICIES

+

 
-   <VirtualHost...> # effective: 'all'
-      SSLProtocol all
-      SSLPolicy modern
-   </VirtualHost>
+
A SSLPolicy defines the baseline for the context it is used in. That means that any 
+other SSL* directives in the same context override it. As an example of this, see the effective
+SSLProtocol value in the following settings:

 
+
Policy Precedence
<VirtualHost...> # effective: 'all'
    SSLPolicy modern
-   <VirtualHost...> # effective: 'all'
-      SSLProtocol all
-   </VirtualHost>
-   
    SSLProtocol all
-   <VirtualHost...> # effective: '+TLSv1.2'
-     SSLPolicy modern
-   </VirtualHost>

+</VirtualHost>
+
+<VirtualHost...> # effective: 'all'
+   SSLProtocol all
+   SSLPolicy modern
+</VirtualHost>
+
+SSLPolicy modern
+<VirtualHost...> # effective: 'all'
+   SSLProtocol all
+</VirtualHost>
+   
+SSLProtocol all
+<VirtualHost...> # effective: '+TLSv1.2'
+  SSLPolicy modern
+</VirtualHost>

There can be more than one policy applied in a context. The later ones overshadowing the earlier ones:

-

Policy Ordering

   <VirtualHost...> # effective: 'intermediate > modern'
-      SSLPolicy modern
-      SSLPolicy intermediate
-   </VirtualHost>
+
Policy Ordering
<VirtualHost...> # effective protocol: 'all -SSLv3'
+   SSLPolicy modern
+   SSLPolicy intermediate
+</VirtualHost>
 
-   <VirtualHost...> # effective: 'modern > intermediate'
-      SSLPolicy intermediate
-      SSLPolicy modern
-   </VirtualHost>

+<VirtualHost...> # effective protocol: '+TLSv1.2'
+   SSLPolicy intermediate
+   SSLPolicy modern
+</VirtualHost>
diff --git a/docs/manual/mod/mod_ssl.xml.fr b/docs/manual/mod/mod_ssl.xml.fr index e4da18c356..703b413052 100644 --- a/docs/manual/mod/mod_ssl.xml.fr +++ b/docs/manual/mod/mod_ssl.xml.fr @@ -1,7 +1,7 @@ - +