From b4441226c947894c5ec7b916c44e045ec4f43338 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Igor=20Gali=C4=87?=
Date: Fri, 20 Apr 2012 21:57:11 +0000
Subject: [PATCH] update references, culling dead links and the dead SSLv2
protocol. Pending: update of the actual content. The text reads like it's ten
years old, like certificate chaining is the hot new shit. It's not, people
still get it wrong. We should address that. Among other things..
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1328523 13f79535-47bb-0310-9956-ffa450edef68
---
docs/manual/ssl/ssl_intro.xml | 49 +++++++++++++++++++++++------------
1 file changed, 32 insertions(+), 17 deletions(-)
diff --git a/docs/manual/ssl/ssl_intro.xml b/docs/manual/ssl/ssl_intro.xml
index a12908ddf7..9bbfafd05d 100644
--- a/docs/manual/ssl/ssl_intro.xml
+++ b/docs/manual/ssl/ssl_intro.xml
@@ -240,7 +240,7 @@ certificates are used for authentication.
as *.snakeoil.com
.
The binary format of a certificate is defined using the ASN.1
- notation [X208] [PKCS]. This
+ notation [ASN1] [PKCS]. This
notation defines how to specify the contents and encoding rules
define how this information is translated into binary form. The binary
encoding of the certificate is defined using Distinguished Encoding
@@ -387,8 +387,7 @@ establishing a protocol session.
Description |
Browser Support |
SSL v2.0 |
- Vendor Standard (from Netscape Corp.) [SSL2] |
+ Vendor Standard (from Netscape Corp.) |
First SSL protocol for which implementations exist |
- NS Navigator 1.x/2.x
- MS IE 3.x
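Review bot: the SSL v2.0 row stays in the protocol table after this hunk, now without a citation, while the subject line speaks of culling the dead SSLv2 protocol. Either drop the row or say in its Description cell that the protocol is obsolete, so the table is not read as a list of versions that are all still in use. If the row stays, it should keep some reference.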
@@ -408,6 +407,18 @@ establishing a protocol session.
padding for block ciphers, message order standardization and more
alert messages. |
- Lynx/2.8+OpenSSL |
+ TLS v1.1 |
+ Proposed Internet Standard (from IETF) [TLS11] |
+ Update of TLS 1.0 to add protection against Cipher block chaining
+ (CBC) attacks. |
+ - |
+ TLS v1.2 |
+ Proposed Internet Standard (from IETF) [TLS12] |
+ Update of TLS 1.2 deprecating MD5 as hash, and adding incompatibility
+ to SSL so it will never negotiate the use of SSLv2. |
+ - |
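Review bot: in the new TLS v1.2 row, "Update of TLS 1.2 deprecating MD5 as hash" describes the version as an update of itself; it should read "Update of TLS 1.1". The rest of that sentence, "adding incompatibility to SSL so it will never negotiate the use of SSLv2", is hard to parse. A wording such as "and prohibiting negotiation of SSLv2" is more direct. Both new rows also leave the Browser Support cell as "-", unlike the older rows, so either fill them in or explain the dash.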
@@ -613,18 +624,17 @@ the Internet Engineering Task Force (IETF).
>http://www.counterpane.com/ for various other materials by Bruce
Schneier.
-[X208]
+[ASN1]
ITU-T Recommendation X.208, Specification of Abstract Syntax Notation
-One (ASN.1)
, 1988. See for instance http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I.
+One (ASN.1), last updated 2008. See http://www.itu.int/ITU-T/asn1/.
[X509]
ITU-T Recommendation X.509, The Directory - Authentication
-Framework
. See for instance http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509.
+Framework. For references, see http://en.wikipedia.org/wiki/X.509.
[PKCS]
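Review bot: the renamed [ASN1] entry still names "ITU-T Recommendation X.208" in the unchanged context line, but the added line gives "last updated 2008" and links to the general ASN.1 page, so title, date and URL no longer describe the same document. Keep the 1988 date with X.208, or cite the current recommendation by its own number. For [X509], replacing the ITU link with http://en.wikipedia.org/wiki/X.509 swaps a primary source for a tertiary one. A link to the recommendation itself would be a more stable reference for the manual.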
@@ -636,13 +646,8 @@ href="http://www.rsasecurity.com/rsalabs/pkcs/"
[MIME]
N. Freed, N. Borenstein, Multipurpose Internet Mail Extensions
(MIME) Part One: Format of Internet Message Bodies
, RFC2045.
-See for instance http://ietf.org/rfc/rfc2045.txt.
-
-[SSL2]
-Kipp E.B. Hickman, The SSL Protocol
, 1995. See http://www.netscape.com/eng/security/SSL_2.html.
+See for instance http://tools.ietf.org/html/rfc2045.
[SSL3]
Alan O. Freier, Philip Karlton, Paul C. Kocher, The SSL Protocol
@@ -654,6 +659,16 @@ href="http://www.netscape.com/eng/ssl3/draft302.txt"
Tim Dierks, Christopher Allen, The TLS Protocol Version 1.0
,
1999. See http://ietf.org/rfc/rfc2246.txt.
+
+[TLS11]
+The TLS Protocol Version 1.1
,
+2006. See http://tools.ietf.org/html/rfc4346.
+
+[TLS12]
+The TLS Protocol Version 1.2
,
+2008. See http://tools.ietf.org/html/rfc5246.
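Review bot: the new [TLS11] and [TLS12] entries carry no authors, while the TLS 1.0 entry directly above lists "Tim Dierks, Christopher Allen"; add the RFC authors so the bibliography stays uniform. The new links also use the http://tools.ietf.org/html/ form, but the context line for RFC 2246 still points at http://ietf.org/rfc/rfc2246.txt, so the list now mixes two URL styles. Update that line in the same change.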
--
2.40.0