From a4199b0a0500dcda9598214301b3eaa4b51979aa Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Fri, 4 Apr 2014 13:11:48 +0000 Subject: [PATCH] Revert r1584555 for the time being. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1584652 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_ssl.xml | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index bf43230a02..004a208213 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -2125,6 +2125,7 @@ SSLUserName SSL_CLIENT_S_DN_CN SSLHonorCipherOrder off server config virtual host +Available if using OpenSSL 0.9.7 or later

When choosing a cipher during an SSLv3 or TLSv1 handshake, normally @@ -2172,6 +2173,7 @@ SSLCryptoDevice ubsec SSLOCSPEnable off server config virtual host +Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option enables OCSP validation of the client certificate @@ -2202,6 +2204,7 @@ SSLOCSPOverrideResponder on SSLOCSDefaultResponder uri server config virtual host +Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option sets the default OCSP responder to use. If SSLOCSPOverrideResponder off server config virtual host +Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option forces the configured default OCSP responder to be used @@ -2233,6 +2237,7 @@ certificate being validated references an OCSP responder.

SSLOCSPResponseTimeSkew 300 server config virtual host +Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option sets the maximum allowable time skew for OCSP responses @@ -2247,6 +2252,7 @@ certificate being validated references an OCSP responder.

SSLOCSPResponseMaxAge -1 server config virtual host +Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option sets the maximum allowable age ("freshness") for OCSP responses. @@ -2263,6 +2269,7 @@ which means that OCSP responses are considered valid as long as their SSLOCSPResponderTimeout 10 server config virtual host +Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later

This option sets the timeout for queries to OCSP responders, when @@ -2277,7 +2284,7 @@ which means that OCSP responses are considered valid as long as their SSLOCSPUseRequestNonce on server config virtual host -Available in httpd 2.4.10 and later +Available in httpd 2.4.10 and later, if using OpenSSL 0.9.7 or later

This option determines whether queries to OCSP responders should contain @@ -2338,7 +2345,7 @@ supported for a given SSL connection.

SSLUseStapling off server config virtual host -Available if using OpenSSL 0.9.8h or later +Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later

This option enables OCSP stapling, as defined by the "Certificate @@ -2366,7 +2373,7 @@ stated goal of "saving roundtrips and resources" - see also Configures the OCSP stapling cache SSLStaplingCache type server config -Available if using OpenSSL 0.9.8h or later +Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later

Configures the cache used to store OCSP responses which get included @@ -2385,7 +2392,7 @@ the same storage types are supported as with SSLStaplingResponseTimeSkew 300 server config virtual host -Available if using OpenSSL 0.9.8h or later +Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later

This option sets the maximum allowable time skew when mod_ssl checks the @@ -2402,7 +2409,7 @@ if SSLUseStapling is turned on.

SSLStaplingResponderTimeout 10 server config virtual host -Available if using OpenSSL 0.9.8h or later +Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later

This option sets the timeout for queries to OCSP responders when @@ -2418,7 +2425,7 @@ and mod_ssl is querying a responder for OCSP stapling purposes.

SSLStaplingResponseMaxAge -1 server config virtual host -Available if using OpenSSL 0.9.8h or later +Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later

This option sets the maximum allowable age ("freshness") when @@ -2437,7 +2444,7 @@ which means that OCSP responses are considered valid as long as their SSLStaplingStandardCacheTimeout 3600 server config virtual host -Available if using OpenSSL 0.9.8h or later +Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later

Sets the timeout in seconds before responses in the OCSP stapling cache @@ -2456,7 +2463,7 @@ used for controlling the timeout for invalid/unavailable responses. SSLStaplingReturnResponderErrors on server config virtual host -Available if using OpenSSL 0.9.8h or later +Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later

When enabled, mod_ssl will pass responses from unsuccessful @@ -2473,7 +2480,7 @@ for failed queries will be included in the TLS handshake.

SSLStaplingFakeTryLater on server config virtual host -Available if using OpenSSL 0.9.8h or later +Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later

When enabled and a query to an OCSP responder for stapling @@ -2491,7 +2498,7 @@ is also enabled.

SSLStaplingErrorCacheTimeout 600 server config virtual host -Available if using OpenSSL 0.9.8h or later +Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later

Sets the timeout in seconds before invalid responses @@ -2508,7 +2515,7 @@ To set the cache timeout for valid responses, see SSLStaplingForceURL uri server config virtual host -Available if using OpenSSL 0.9.8h or later +Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later

This directive overrides the URI of an OCSP responder as obtained from -- 2.40.0