From a344b93495641a9c7fd2ce8b854695f8e67210b7 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Fri, 2 Aug 2013 21:43:09 +0000 Subject: [PATCH] Merge r1509872: Mention ECC support git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1509875 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_ssl.xml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 856a41c12a..2348f3398d 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -297,12 +297,12 @@ query can be done in two ways which can be configured by Here an external program is configured which is called at startup for each encrypted Private Key file. It is called with two arguments (the first is of the form ``servername:portnumber'', the second is either - ``RSA'' or ``DSA''), which indicate for which - server and algorithm it has to print the corresponding Pass Phrase to - stdout. The intent is that this external program first runs - security checks to make sure that the system is not compromised by an - attacker, and only when these checks were passed successfully it provides - the Pass Phrase.

+ ``RSA'', ``DSA'', or ``ECC''), which + indicate for which server and algorithm it has to print the corresponding + Pass Phrase to stdout. The intent is that this external + program first runs security checks to make sure that the system is not + compromised by an attacker, and only when these checks were passed + successfully it provides the Pass Phrase.

Both these security checks, and the way the Pass Phrase is determined, can be as complex as you like. Mod_ssl just defines the interface: an @@ -803,8 +803,8 @@ This directive points to the PEM-encoded Certificate file for the server and optionally also to the corresponding RSA or DSA Private Key file for it (contained in the same file). If the contained Private Key is encrypted the Pass Phrase dialog is forced at startup time. This directive can be used up to -two times (referencing different filenames) when both a RSA and a DSA based -server certificate is used in parallel.

+three times (referencing different filenames) when both a RSA, a DSA, and an +ECC based server certificate is used in parallel.

Example SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt @@ -831,8 +831,8 @@ contains both the Certificate and the Private Key this directive need not be used. But we strongly discourage this practice. Instead we recommend you to separate the Certificate and the Private Key. If the contained Private Key is encrypted, the Pass Phrase dialog is forced -at startup time. This directive can be used up to two times -(referencing different filenames) when both a RSA and a DSA based +at startup time. This directive can be used up to three times +(referencing different filenames) when both a RSA, a DSA, and an ECC based private key is used in parallel.

Example -- 2.40.0