From 7e96d1ca877c94dc0d8f5c6cdf9d02c332adbff8 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Thu, 3 Jun 2004 15:43:09 +0000
Subject: [PATCH] Update transformations.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103839 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/directives.html.en     |  2 +
 docs/manual/mod/mod_ssl.html.en        | 66 ++++++++++++++++++++------
 docs/manual/mod/quickreference.html.en |  4 +-
 3 files changed, 57 insertions(+), 15 deletions(-)
diff --git a/docs/manual/mod/directives.html.en b/docs/manual/mod/directives.html.en
index 9309b86dda..9db0425d06 100644
--- a/docs/manual/mod/directives.html.en
+++ b/docs/manual/mod/directives.html.en
@@ -353,7 +353,9 @@
 <li><a href="mod_ssl.html#sslcertificatefile">SSLCertificateFile</a></li>
 <li><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile</a></li>
 <li><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite</a></li>
+<li><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice</a></li>
 <li><a href="mod_ssl.html#sslengine">SSLEngine</a></li>
+<li><a href="mod_ssl.html#sslhonorcipherorder">SSLHonorCipherOrder</a></li>
 <li><a href="mod_ssl.html#sslmutex">SSLMutex</a></li>
 <li><a href="mod_ssl.html#ssloptions">SSLOptions</a></li>
 <li><a href="mod_ssl.html#sslpassphrasedialog">SSLPassPhraseDialog</a></li>
diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
index 881af738ef..8ec5f52f77 100644
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -50,7 +50,9 @@ to provide the cryptography engine.</p>
 <li><img alt="" src="../images/down.gif" /> <a href="#sslcertificatefile">SSLCertificateFile</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#sslciphersuite">SSLCipherSuite</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#sslcryptodevice">SSLCryptoDevice</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#sslengine">SSLEngine</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#sslhonorcipherorder">SSLHonorCipherOrder</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#sslmutex">SSLMutex</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ssloptions">SSLOptions</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#sslpassphrasedialog">SSLPassPhraseDialog</a></li>
@@ -156,9 +158,7 @@ you find in the above table.</p>
 For backward compatibility there is additionally a special
 ``<code>%{</code><em>name</em><code>}c</code>'' cryptography format function
 provided. Information about this function is provided in the <a href="../ssl/ssl_compat.html">Compatibility</a> chapter.</p>
-<p>
-Example:</p>
-<div class="example"><p><code>
+<div class="example"><h3>Example</h3><p><code>
 CustomLog logs/ssl_request_log \
           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 </code></p></div>
@@ -501,6 +501,33 @@ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
 <tr><td><code>EXP-ADH-RC4-MD5</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>RC4(40)</td> <td>MD5</td> <td>  export</td> </tr>
 </table>
 
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSLCryptoDevice" id="SSLCryptoDevice">SSLCryptoDevice</a> <a name="sslcryptodevice" id="sslcryptodevice">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable use of a cryptographic hardware accelerator</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLCryptoDevice <em>engine</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLCryptoDevice builtin</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if mod_ssl is built using <code>-DSSL_ENGINE_EXPERIMENTAL</code></td></tr>
+</table>
+<p>
+This directive enables use of a cryptographic hardware accelerator
+board to offload some of the SSL processing overhead.  This directive
+can only be used if the SSL toolkit is built with "engine" support;
+OpenSSL 0.9.7 and later releases have "engine" support by default, the
+separate "-engine" releases of OpenSSL 0.9.6 must be used.</p>
+
+<p>To discover which engine names are supported, run the command
+"<code>openssl engine</code>".</p>
+
+<div class="example"><h3>Example</h3><p><code>
+# For a Broadcom accelerator:<br />
+SSLCryptoDevice ubsec
+</code></p></div>
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="SSLEngine" id="SSLEngine">SSLEngine</a> <a name="sslengine" id="sslengine">Directive</a></h2>
@@ -524,6 +551,24 @@ SSLEngine on<br />
 &lt;/VirtualHost&gt;
 </code></p></div>
 
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSLHonorCipherOrder" id="SSLHonorCipherOrder">SSLHonorCipherOrder</a> <a name="sslhonorcipherorder" id="sslhonorcipherorder">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Option to prefer the server's cipher preference order</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLHonorCiperOrder <em>flag</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.1 and later, if using OpenSSL 0.9.7 or later</td></tr>
+</table>
+<p>When choosing a cipher during an SSLv3 or TLSv1 handshake, normally
+the client's preference is used.  If this directive is enabled, the
+server's preference will be used instead.</p>
+<div class="example"><h3>Example</h3><p><code>
+SSLHonorCipherOrder on
+</code></p></div>
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="SSLMutex" id="SSLMutex">SSLMutex</a> <a name="sslmutex" id="sslmutex">Directive</a></h2>
@@ -768,9 +813,7 @@ query can be done in two ways which can be configured by
     The reuse-algorithm above is used here, too. In other words: The external
     program is called only once per unique Pass Phrase.</p></li>
 </ul>
-<p>
-Example:</p>
-<div class="example"><p><code>
+<div class="example"><h3>Example</h3><p><code>
 SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
 </code></p></div>
 
@@ -983,9 +1026,7 @@ or additionally to <code>SSLProxyMachineCertificatePath</code>.
 <div class="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </div>
-<p>
-Example:</p>
-<div class="example"><p><code>
+<div class="example"><h3>Example</h3><p><code>
 SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem
 </code></p></div>
 
@@ -1013,9 +1054,7 @@ comes with mod_ssl to accomplish this task.
 <div class="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </div>
-<p>
-Example:</p>
-<div class="example"><p><code>
+<div class="example"><h3>Example</h3><p><code>
 SSLProxyMachineCertificatePath /usr/local/apache2/conf/proxy.crt/
 </code></p></div> 
 
@@ -1449,11 +1488,10 @@ SSLSessionCacheTimeout 600
 <tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.1 and later</td></tr>
 </table>
 <p>
-
 This directive sets the "user" field in the Apache request object.
 This is used by lower modules to identify the user with a character
 string. In particular, this may cause the environment variable
-<code>REMOTE_USER</code> to be set.  The <code>varname</code> can be
+<code>REMOTE_USER</code> to be set.  The <em>varname</em> can be
 any of the <a href="#envvars">SSL environment variables</a>.</p>
 <div class="example"><h3>Example</h3><p><code>
 SSLUserName SSL_CLIENT_S_DN_CN
diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en
index 38f1290980..ae2f43b52f 100644
--- a/docs/manual/mod/quickreference.html.en
+++ b/docs/manual/mod/quickreference.html.en
@@ -635,7 +635,9 @@ Client Auth</td></tr>
 <tr><td><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Server PEM-encoded Private Key file</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL 
 handshake</td></tr>
-<tr><td><a href="mod_ssl.html#sslengine">SSLEngine on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
+<tr><td><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice <em>engine</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable use of a cryptographic hardware accelerator</td></tr>
+<tr class="odd"><td><a href="mod_ssl.html#sslengine">SSLEngine on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
+<tr><td><a href="mod_ssl.html#sslhonorcipherorder">SSLHonorCiperOrder <em>flag</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Option to prefer the server's cipher preference order</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslmutex">SSLMutex <em>type</em></a></td><td> none </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Semaphore for internal mutual exclusion of 
 operations</td></tr>
 <tr><td><a href="mod_ssl.html#ssloptions">SSLOptions [+|-]<em>option</em> ...</a></td><td></td><td>svdh</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure various SSL engine run-time options</td></tr>
-- 
2.50.1


Description:	Enable use of a cryptographic hardware accelerator
Syntax:	`SSLCryptoDevice engine`
Default:	`SSLCryptoDevice builtin`
Context:	server config
Status:	Extension
Module:	mod_ssl
Compatibility:	Available if mod_ssl is built using `-DSSL_ENGINE_EXPERIMENTAL`
Description:	Option to prefer the server's cipher preference order
Syntax:	`SSLHonorCiperOrder flag`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ssl
Compatibility:	Available in Apache 2.1 and later, if using OpenSSL 0.9.7 or later