You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2014/04/04 15:18:26 UTC
svn commit: r1584653 - /httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
Author: ylavic
Date: Fri Apr 4 13:18:26 2014
New Revision: 1584653
URL: http://svn.apache.org/r1584653
Log:
Remerge r1584555 but without the changes on (un-backportable) SSLOCSPUseRequestNonce.
Modified:
httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=1584653&r1=1584652&r2=1584653&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Fri Apr 4 13:18:26 2014
@@ -2125,7 +2125,6 @@ SSLUserName SSL_CLIENT_S_DN_CN
<default>SSLHonorCipherOrder off</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available if using OpenSSL 0.9.7 or later</compatibility>
<usage>
<p>When choosing a cipher during an SSLv3 or TLSv1 handshake, normally
@@ -2173,7 +2172,6 @@ SSLCryptoDevice ubsec
<default>SSLOCSPEnable off</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
<usage>
<p>This option enables OCSP validation of the client certificate
@@ -2204,7 +2202,6 @@ SSLOCSPOverrideResponder on
<syntax>SSLOCSDefaultResponder <em>uri</em></syntax>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
<usage>
<p>This option sets the default OCSP responder to use. If <directive
@@ -2221,7 +2218,6 @@ the certificate being verified.</p>
<default>SSLOCSPOverrideResponder off</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
<usage>
<p>This option forces the configured default OCSP responder to be used
@@ -2237,7 +2233,6 @@ certificate being validated references a
<default>SSLOCSPResponseTimeSkew 300</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
<usage>
<p>This option sets the maximum allowable time skew for OCSP responses
@@ -2252,7 +2247,6 @@ certificate being validated references a
<default>SSLOCSPResponseMaxAge -1</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
<usage>
<p>This option sets the maximum allowable age ("freshness") for OCSP responses.
@@ -2269,7 +2263,6 @@ which means that OCSP responses are cons
<default>SSLOCSPResponderTimeout 10</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
<usage>
<p>This option sets the timeout for queries to OCSP responders, when
@@ -2345,7 +2338,7 @@ supported for a given SSL connection.</p
<default>SSLUseStapling off</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
<usage>
<p>This option enables OCSP stapling, as defined by the "Certificate
@@ -2373,7 +2366,7 @@ stated goal of "saving roundtrips and re
<description>Configures the OCSP stapling cache</description>
<syntax>SSLStaplingCache <em>type</em></syntax>
<contextlist><context>server config</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
<usage>
<p>Configures the cache used to store OCSP responses which get included
@@ -2392,7 +2385,7 @@ the same storage types are supported as
<default>SSLStaplingResponseTimeSkew 300</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
<usage>
<p>This option sets the maximum allowable time skew when mod_ssl checks the
@@ -2409,7 +2402,7 @@ if <directive module="mod_ssl">SSLUseSta
<default>SSLStaplingResponderTimeout 10</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
<usage>
<p>This option sets the timeout for queries to OCSP responders when
@@ -2425,7 +2418,7 @@ and mod_ssl is querying a responder for
<default>SSLStaplingResponseMaxAge -1</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
<usage>
<p>This option sets the maximum allowable age ("freshness") when
@@ -2444,7 +2437,7 @@ which means that OCSP responses are cons
<default>SSLStaplingStandardCacheTimeout 3600</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
<usage>
<p>Sets the timeout in seconds before responses in the OCSP stapling cache
@@ -2463,7 +2456,7 @@ used for controlling the timeout for inv
<default>SSLStaplingReturnResponderErrors on</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
<usage>
<p>When enabled, mod_ssl will pass responses from unsuccessful
@@ -2480,7 +2473,7 @@ for failed queries will be included in t
<default>SSLStaplingFakeTryLater on</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
<usage>
<p>When enabled and a query to an OCSP responder for stapling
@@ -2498,7 +2491,7 @@ is also enabled.</p>
<default>SSLStaplingErrorCacheTimeout 600</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
<usage>
<p>Sets the timeout in seconds before <em>invalid</em> responses
@@ -2515,7 +2508,7 @@ To set the cache timeout for valid respo
<syntax>SSLStaplingForceURL <em>uri</em></syntax>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
<usage>
<p>This directive overrides the URI of an OCSP responder as obtained from