You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2005/07/08 17:17:30 UTC
svn commit: r209811 - in /httpd/httpd/trunk/docs/manual: mod/mod_ssl.html.en
mod/mod_ssl.xml ssl/ssl_faq.html.en
Author: jim
Date: Fri Jul 8 08:17:28 2005
New Revision: 209811
URL: http://svn.apache.org/viewcvs?rev=209811&view=rev
Log:
Fold in latest SSL doc changes
Modified:
httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
httpd/httpd/trunk/docs/manual/ssl/ssl_faq.html.en
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en?rev=209811&r1=209810&r2=209811&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en Fri Jul 8 08:17:28 2005
@@ -108,6 +108,7 @@
<tr><td><code>SSL_CIPHER_EXPORT</code></td> <td>string</td> <td><code>true</code> if cipher is an export cipher</td></tr>
<tr><td><code>SSL_CIPHER_USEKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (actually used)</td></tr>
<tr><td><code>SSL_CIPHER_ALGKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (possible)</td></tr>
+<tr><td><code>SSL_COMPRESS_METHOD</code></td> <td>string</td> <td>SSL compression method negotiated</td></tr>
<tr><td><code>SSL_VERSION_INTERFACE</code></td> <td>string</td> <td>The mod_ssl program version</td></tr>
<tr><td><code>SSL_VERSION_LIBRARY</code></td> <td>string</td> <td>The OpenSSL program version</td></tr>
<tr><td><code>SSL_CLIENT_M_VERSION</code></td> <td>string</td> <td>The version of the client certificate</td></tr>
@@ -1530,6 +1531,13 @@
will incur a noticeable speed penalty and may cause problems if
using certain browsers, particularly if client certificates are
enabled. This setting is not recommended.</p></li>
+
+<li><code>internal</code>
+
+ <p>This disables any global/inter-process Session Cache. However
+ it does allow OpenSSL to use its own internal session cache. This in
+ mainly useful in situations where a global cache cannot be used
+ but the client requires a non-null session ID.</p></li>
<li><code>dbm:/path/to/datafile</code>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=209811&r1=209810&r2=209811&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Fri Jul 8 08:17:28 2005
@@ -412,6 +412,13 @@
using certain browsers, particularly if client certificates are
enabled. This setting is not recommended.</p></li>
+<li><code>internal</code>
+
+ <p>This disables any global/inter-process Session Cache. However
+ it does allow OpenSSL to use its own internal session cache. This in
+ mainly useful in situations where a global cache cannot be used
+ but the client requires a non-null session ID.</p></li>
+
<li><code>dbm:/path/to/datafile</code>
<p>This makes use of a DBM hashfile on the local disk to
Modified: httpd/httpd/trunk/docs/manual/ssl/ssl_faq.html.en
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/ssl/ssl_faq.html.en?rev=209811&r1=209810&r2=209811&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/ssl/ssl_faq.html.en (original)
+++ httpd/httpd/trunk/docs/manual/ssl/ssl_faq.html.en Fri Jul 8 08:17:28 2005
@@ -671,6 +671,7 @@
<li><a href="#vhosts">HTTPS and name-based vhosts</a></li>
<li><a href="#vhosts2">Why is it not possible to use Name-Based Virtual
Hosting to identify different SSL virtual hosts?</a></li>
+<li><a href="#comp">How do I get SSL compression working?</a></li>
<li><a href="#lockicon">The lock icon in Netscape locks very late</a></li>
<li><a href="#msie">Why do I get I/O errors with MSIE clients?</a></li>
<li><a href="#nn">Why do I get I/O errors with NS clients?</a></li>
@@ -793,6 +794,23 @@
<p>Use separate IP addresses for different SSL hosts.
Use different port numbers for different SSL hosts.</p>
+
+
+<h3><a name="comp" id="comp">How do I get SSL compression working?</a></h3>
+<p>Although SSL compression negotiation was already defined in the specification
+of SSLv2 and TLS, it took until May 2004 when RFC 3749 defined DEFLATE as
+a negotiable standard compression method.
+</p>
+<p>OpenSSL 0.9.8 started to support this by default when compiled with the
+<code>zlib</code> option. If both the client and the server support compression,
+it will be used. However, most clients still try to initially connect with an
+SSLv2 Hello. As SSLv2 did not include an array of prefered compression algorithms
+in its handshake, compression can not be negotiated with these clients.
+If the client disables support for SSLv2, based on the used SSL library
+a SSLv3 or TLS Hello might be sent and compression might be set up.
+You can verify if clients make use of SSL compression by logging the
+<code>%{SSL_COMPRESS_METHOD}x</code> variable.
+</p>
<h3><a name="lockicon" id="lockicon">When I use Basic Authentication over HTTPS the lock icon in Netscape browsers