You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2013/08/02 23:43:09 UTC
svn commit: r1509875 - in /httpd/httpd/branches/2.4.x: ./
docs/manual/mod/mod_ssl.xml
Author: sf
Date: Fri Aug 2 21:43:09 2013
New Revision: 1509875
URL: http://svn.apache.org/r1509875
Log:
Merge r1509872:
Mention ECC support
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1509872
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1509875&r1=1509874&r2=1509875&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Fri Aug 2 21:43:09 2013
@@ -297,12 +297,12 @@ query can be done in two ways which can
Here an external program is configured which is called at startup for each
encrypted Private Key file. It is called with two arguments (the first is
of the form ``<code>servername:portnumber</code>'', the second is either
- ``<code>RSA</code>'' or ``<code>DSA</code>''), which indicate for which
- server and algorithm it has to print the corresponding Pass Phrase to
- <code>stdout</code>. The intent is that this external program first runs
- security checks to make sure that the system is not compromised by an
- attacker, and only when these checks were passed successfully it provides
- the Pass Phrase.</p>
+ ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''), which
+ indicate for which server and algorithm it has to print the corresponding
+ Pass Phrase to <code>stdout</code>. The intent is that this external
+ program first runs security checks to make sure that the system is not
+ compromised by an attacker, and only when these checks were passed
+ successfully it provides the Pass Phrase.</p>
<p>
Both these security checks, and the way the Pass Phrase is determined, can
be as complex as you like. Mod_ssl just defines the interface: an
@@ -803,8 +803,8 @@ This directive points to the PEM-encoded
optionally also to the corresponding RSA or DSA Private Key file for it
(contained in the same file). If the contained Private Key is encrypted the
Pass Phrase dialog is forced at startup time. This directive can be used up to
-two times (referencing different filenames) when both a RSA and a DSA based
-server certificate is used in parallel.</p>
+three times (referencing different filenames) when both a RSA, a DSA, and an
+ECC based server certificate is used in parallel.</p>
<example><title>Example</title>
<highlight language="config">
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
@@ -831,8 +831,8 @@ contains both the Certificate and the Pr
not be used. But we strongly discourage this practice. Instead we
recommend you to separate the Certificate and the Private Key. If the
contained Private Key is encrypted, the Pass Phrase dialog is forced
-at startup time. This directive can be used up to two times
-(referencing different filenames) when both a RSA and a DSA based
+at startup time. This directive can be used up to three times
+(referencing different filenames) when both a RSA, a DSA, and an ECC based
private key is used in parallel.</p>
<example><title>Example</title>
<highlight language="config">