From eaccca5df3292848d70d47dbd7480092f8bc0b62 Mon Sep 17 00:00:00 2001
From: Jim Jagielski <jim@apache.org>
Date: Fri, 8 Jul 2005 15:17:28 +0000
Subject: [PATCH] Fold in latest SSL doc changes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209811 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/mod_ssl.html.en |  8 ++++++++
 docs/manual/mod/mod_ssl.xml     |  7 +++++++
 docs/manual/ssl/ssl_faq.html.en | 18 ++++++++++++++++++
 3 files changed, 33 insertions(+)

diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
index 6e9f64b995..a3c81554d8 100644
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -108,6 +108,7 @@ compatibility variables.</p>
 <tr><td><code>SSL_CIPHER_EXPORT</code></td>             <td>string</td>    <td><code>true</code> if cipher is an export cipher</td></tr>
 <tr><td><code>SSL_CIPHER_USEKEYSIZE</code></td>         <td>number</td>    <td>Number of cipher bits (actually used)</td></tr>
 <tr><td><code>SSL_CIPHER_ALGKEYSIZE</code></td>         <td>number</td>    <td>Number of cipher bits (possible)</td></tr>
+<tr><td><code>SSL_COMPRESS_METHOD</code></td>           <td>string</td>    <td>SSL compression method negotiated</td></tr>
 <tr><td><code>SSL_VERSION_INTERFACE</code></td>         <td>string</td>    <td>The mod_ssl program version</td></tr>
 <tr><td><code>SSL_VERSION_LIBRARY</code></td>           <td>string</td>    <td>The OpenSSL program version</td></tr>
 <tr><td><code>SSL_CLIENT_M_VERSION</code></td>          <td>string</td>    <td>The version of the client certificate</td></tr>
@@ -1531,6 +1532,13 @@ The following four storage <em>type</em>s are currently supported:</p>
     using certain browsers, particularly if client certificates are
     enabled.  This setting is not recommended.</p></li>
 
+<li><code>internal</code>
+
+    <p>This disables any global/inter-process Session Cache.  However
+    it does allow OpenSSL to use its own internal session cache. This in
+    mainly useful in situations where a global cache cannot be used
+    but the client requires a non-null session ID.</p></li>
+
 <li><code>dbm:/path/to/datafile</code>
 
     <p>This makes use of a DBM hashfile on the local disk to
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index cf1de480e5..c93e5b1918 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -412,6 +412,13 @@ The following four storage <em>type</em>s are currently supported:</p>
     using certain browsers, particularly if client certificates are
     enabled.  This setting is not recommended.</p></li>
 
+<li><code>internal</code>
+
+    <p>This disables any global/inter-process Session Cache.  However
+    it does allow OpenSSL to use its own internal session cache. This in
+    mainly useful in situations where a global cache cannot be used
+    but the client requires a non-null session ID.</p></li>
+
 <li><code>dbm:/path/to/datafile</code>
 
     <p>This makes use of a DBM hashfile on the local disk to
diff --git a/docs/manual/ssl/ssl_faq.html.en b/docs/manual/ssl/ssl_faq.html.en
index d87803023b..b58b57bc19 100644
--- a/docs/manual/ssl/ssl_faq.html.en
+++ b/docs/manual/ssl/ssl_faq.html.en
@@ -671,6 +671,7 @@ browsers complain that they cannot verify the server certificate?</a></h3>
 <li><a href="#vhosts">HTTPS and name-based vhosts</a></li>
 <li><a href="#vhosts2">Why is it not possible to use Name-Based Virtual
 Hosting to identify different SSL virtual hosts?</a></li>
+<li><a href="#comp">How do I get SSL compression working?</a></li>
 <li><a href="#lockicon">The lock icon in Netscape locks very late</a></li>
 <li><a href="#msie">Why do I get I/O errors with MSIE clients?</a></li>
 <li><a href="#nn">Why do I get I/O errors with NS clients?</a></li>
@@ -795,6 +796,23 @@ Virtual Hosting to identify different SSL virtual hosts?</a></h3>
     Use different port numbers for different SSL hosts.</p> 
 
 
+<h3><a name="comp" id="comp">How do I get SSL compression working?</a></h3>
+<p>Although SSL compression negotiation was already defined in the specification
+of SSLv2 and TLS, it took until May 2004 when RFC 3749 defined DEFLATE as
+a negotiable standard compression method.
+</p>
+<p>OpenSSL 0.9.8 started to support this by default when compiled with the
+<code>zlib</code> option. If both the client and the server support compression,
+it will be used. However, most clients still try to initially connect with an
+SSLv2 Hello. As SSLv2 did not include an array of prefered compression algorithms
+in its handshake, compression can not be negotiated with these clients.
+If the client disables support for SSLv2, based on the used SSL library 
+a SSLv3 or TLS Hello might be sent and compression might be set up.
+You can verify if clients make use of SSL compression by logging the
+<code>%{SSL_COMPRESS_METHOD}x</code> variable.
+</p>
+
+
 <h3><a name="lockicon" id="lockicon">When I use Basic Authentication over HTTPS the lock icon in Netscape browsers
 still shows the unlocked state when the dialog pops up. Does this mean the
 username/password is still transmitted unencrypted?</a></h3>
-- 
2.40.0