Posted to cvs@httpd.apache.org by el...@apache.org on 2017/10/18 14:22:44 UTC
svn commit: r1812519 - in /httpd/httpd/trunk/docs/manual/mod: mod_md.html.en
mod_ssl.html.en mod_ssl.xml.fr mod_ssl.xml.meta
Author: elukey
Date: Wed Oct 18 14:22:44 2017
New Revision: 1812519
URL: http://svn.apache.org/viewvc?rev=1812519&view=rev
Log:
Documentation rebuild
Modified:
httpd/httpd/trunk/docs/manual/mod/mod_md.html.en
httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.fr
httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.meta
Modified: httpd/httpd/trunk/docs/manual/mod/mod_md.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_md.html.en?rev=1812519&r1=1812518&r2=1812519&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_md.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_md.html.en Wed Oct 18 14:22:44 2017
@@ -510,12 +510,32 @@ MDRenewWindow 10%</pre>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">MDRequireHttps temporary</pre>
</div>
<p>you announce that you want all traffic via http: URLs to be redirected
- to the https: ones, for now. If you want client to no longer use the
+ to the https: ones, for now. This is safe and you can remove this again at
+ any time.
+ </p><p>
+ <strong>The following has consequences: </strong>if you want client to <strong>no longer</strong> use the
http: URLs, configure:
</p>
- <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">MDRequireHttps permanent</pre>
+ <div class="example"><h3>Permanent (for at least half a year!)</h3><pre class="prettyprint lang-config">MDRequireHttps permanent</pre>
</div>
- <p>You can achieve the same with mod_alias and some Redirect configuration,
+ <p>This does two things:
+ </p>
+ <ol>
+ <li>All request to the <code>http:</code> resources are redirected to the
+ same url with the <code>https:</code> scheme using the <code>301</code>
+ status code. This tells clients that this is intended to be forever and
+ the should update any links they have accordingly.
+ </li>
+ <li>All answers to <code>https:</code> requests will carry the header
+ <code>Strict-Transport-Security</code> with a life time of half a year.
+ This tells the browser that it <strong>never</strong> (for half a year) shall use <code>http:</code>
+ when talking to this domain name. Browsers will, after having seen this, refuse
+ to contact your unencrypted site. This prevents malicious middleware to
+ downgrade connections and listen/manipulate the traffic. Which is good. But
+ you cannot simply take it back again.
+ </li>
+ </ol>
+ <p>You can achieve the same with mod_alias and some Redirect configuration,
basically. If you do it yourself, please make sure to exclude the paths
/.well-known/* from your redirection, otherwise mod_md might have trouble
signing on new certificates.
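Review bot: the added list items carry wording slips that will show up in the rendered manual: "All request to" should be "All requests to", "the should update" should be "they should update", "if you want client to" should be "if you want clients to", and "prevents malicious middleware to downgrade" reads better as "prevents malicious middleware from downgrading". The second item also gives the duration only as "a life time of half a year" and ends on "you cannot simply take it back again" without saying why. The paragraph removed later in this commit tied the duration to the header's 'max-age', so consider saying here that the half year is the max-age value and that a browser which has seen the header keeps refusing http: until it runs out. The log says this is a documentation rebuild, so the corrections belong in the source this page is generated from.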
@@ -524,20 +544,9 @@ MDRenewWindow 10%</pre>
it for a specific domain only, use:
</p>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config"><ManagedDomain xxx.yyy>
- MDRequireHttps permanent
+ MDRequireHttps temporary
</ManagedDomain></pre>
</div>
- <p>When you configure MDRequireHttps permanent, an additional security
- feature is automatically applied: HSTS. This adds the header
- Strict-Transport-Security to responses sent out via https:.
- Basically, this instructs the browser to only perform secure
- communications with that domain. This instruction holds for the
- amount of time specified in the header as 'max-age'.
- This is about half a year as generated by mod_md.
- </p><p>
- It is therefore advisable to first test the MDRequireHttps temporary
- configuration and switch to permanent only once that works satisfactory.
- </p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
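Review bot: the paragraph deleted at the end of this hunk held the only explicit recommendation to "first test the MDRequireHttps temporary configuration and switch to permanent only once that works", and the replacement text in the previous hunk warns about consequences without giving that order of operations. Keep one sentence with that advice next to the permanent example, since it is the step that prevents an operator from committing browsers to https: before the redirect has been verified. The deleted text was also the only place that named 'max-age', so a reader looking at the response header no longer has a pointer from the docs to the field that carries the half-year value.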
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en?rev=1812519&r1=1812518&r2=1812519&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en Wed Oct 18 14:22:44 2017
@@ -201,7 +201,7 @@ compatibility variables.</p>
</table>
<p><em>x509</em> specifies a component of an X.509 DN; one of
-<code>C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email</code>. In Apache 2.1 and
+<code>C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email</code>. In httpd 2.2.0 and
later, <em>x509</em> may also include a numeric <code>_n</code>
suffix. If the DN in question contains multiple attributes of the
same name, this suffix is used as a zero-based index to select a
@@ -217,6 +217,12 @@ the <code class="directive"><a href="#ss
first (or only) attribute of any DN is added only under a non-suffixed
name; i.e. no <code>_0</code> suffixed entries are added.</p>
+<p>In httpd 2.5.0 and later, an optional <em>_RAW</em> suffix may be
+added to <em>x509</em> in a DN component, to suppress conversion of
+the attribute value to UTF-8. This must be placed after the index
+suffix (if any). For example, <code>SSL_SERVER_S_DN_OU_RAW</code> or
+<code>SSL_SERVER_S_DN_OU_0_RAW</code> could be used.</p>
+
<p>The format of the <em>*_DN</em> variables has changed in Apache HTTPD
2.3.11. See the <code>LegacyDNStringFormat</code> option for
<code class="directive"><a href="#ssloptions">SSLOptions</a></code> for details.</p>
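Review bot: the new _RAW paragraph says conversion of the attribute value to UTF-8 is suppressed, but not what the variable then contains or when a reader would want it. Add a sentence describing the unconverted value, and note that anything consuming SSL_SERVER_S_DN_OU_RAW or similar variables (CGI scripts, log formats, access rules) can no longer assume valid UTF-8 input. The product name is also inconsistent across these lines: "httpd 2.5.0" here and "httpd 2.2.0" in the previous hunk, against "Apache HTTPD 2.3.11" in the paragraph that follows; pick one form.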
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.fr?rev=1812519&r1=1812518&r2=1812519&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.fr [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.fr [utf-8] Wed Oct 18 14:22:44 2017
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1807869 -->
+<!-- English Revision: 1807869:1811976 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!--
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.meta?rev=1812519&r1=1812518&r2=1812519&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.meta (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.meta Wed Oct 18 14:22:44 2017
@@ -8,6 +8,6 @@
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
</variants>
</metafile>