db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From be...@apache.org
Subject svn commit: r551084 - in /db/derby/docs/branches/10.3/src: adminguide/ devguide/ ref/
Date Wed, 27 Jun 2007 07:24:17 GMT
Author: bernt
Date: Wed Jun 27 00:24:13 2007
New Revision: 551084

URL: http://svn.apache.org/viewvc?view=rev&rev=551084
Log:
DERBY-2803 Merged with svn merge -r 551079:551080 https://svn.apache.org/repos/asf/db/derby/docs/trunk

Modified:
    db/derby/docs/branches/10.3/src/adminguide/cadminssl.dita
    db/derby/docs/branches/10.3/src/adminguide/cadminssladmin.dita
    db/derby/docs/branches/10.3/src/adminguide/cadminsslclient.dita
    db/derby/docs/branches/10.3/src/adminguide/cadminsslkeys.dita
    db/derby/docs/branches/10.3/src/adminguide/cadminsslserver.dita
    db/derby/docs/branches/10.3/src/adminguide/derbyadmin.ditamap
    db/derby/docs/branches/10.3/src/devguide/cdevcsecuree.dita
    db/derby/docs/branches/10.3/src/ref/rrefattribssl.dita

Modified: db/derby/docs/branches/10.3/src/adminguide/cadminssl.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/adminguide/cadminssl.dita?view=diff&rev=551084&r1=551083&r2=551084
==============================================================================
--- db/derby/docs/branches/10.3/src/adminguide/cadminssl.dita (original)
+++ db/derby/docs/branches/10.3/src/adminguide/cadminssl.dita Wed Jun 27 00:24:13 2007
@@ -18,20 +18,31 @@
 limitations under the License.
 -->
 <concept id="cadminssl" xml:lang="en-us">
-<title>SSL/TLS</title>
+<title>Network encryption and authentication with SSL/TLS</title>
 <prolog><metadata>
 <keywords><indexterm>Network Server<indexterm>SSL</indexterm></indexterm><indexterm>Network
Server<indexterm>TLS</indexterm></indexterm><indexterm>SSL</indexterm><indexterm>TLS</indexterm></keywords>
 </metadata></prolog>
 <conbody>
-<p><ph conref="../conrefs.dita#prod/productshortname"></ph> Network
-Server and Network Client may encrypt communication using SSL/TLS
-(Secure Socket Layer/Transport Layer Security) and
-also do certificate based authentication of the peer (the server may
-authenticate the client and the client may authenticate the
-server). It is assumed that the reader is somewhat familiar with SSL,
+<p>By default, all <ph
+conref="../conrefs.dita#prod/productshortname"></ph> network traffic
+is unencrypted, with the exception of user names and user passwords
+which may be encrypted separately (See <xref
+href="cadminappsclientsecurity.dita#cadminappsclientsecurity"></xref>). There
+is also no network layer access control mechanism. For deployment
+scenarios where these are possible security issues, <ph
+conref="../conrefs.dita#prod/productshortname"></ph> Network Server
+supports network security with Secure Socket Layer/Transport Layer
+Security (SSL/TLS).
+</p>
+<p>With SSL/TLS, the client/server communication protcol is encrypted
+and both the client and the server may independently of each other
+require certificate based authentication of the other part.
+</p><p> It is assumed that the reader is somewhat familiar with SSL,
 key pairs and certificates. This documentation is also based on the
-Sun JDK and its keytool application. For the remainder of this
-section, the term "SSL" is used for both SSL and TLS.
+Sun JDK and its <codeph>keytool</codeph> application.
+</p><p> For the remainder of this section, the term <i>SSL</i> is
used
+for SSL/TLS and the term <i>peer</i> is used for the other part of the
+communication (The server's <i>peer</i> is the client and vice versa).
 </p>
 <p>SSL for <ph conref="../conrefs.dita#prod/productshortname"></ph>
 (both for client and for server) operates in three possible modes:
@@ -45,8 +56,13 @@
 Peer authentication may be set either on the server or on the client
 or on both. Peer authentication means that the other side of the SSL
 connection is authenticated based on a trusted certificate installed
-locally. Alternatively, a CA certificate is installed locally and the
-peer has a signed key.
+locally. 
+</p>
+<p>Alternatively, a Certification Authority (CA) certificate may be
+installed locally and the peer has a certificate signed by that
+authority. How to achieve this is not descibed in this
+document. Consult your Java environment documentation for details on
+this.
 </p>
 <p>
 <note type="attention">

Modified: db/derby/docs/branches/10.3/src/adminguide/cadminssladmin.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/adminguide/cadminssladmin.dita?view=diff&rev=551084&r1=551083&r2=551084
==============================================================================
--- db/derby/docs/branches/10.3/src/adminguide/cadminssladmin.dita (original)
+++ db/derby/docs/branches/10.3/src/adminguide/cadminssladmin.dita Wed Jun 27 00:24:13 2007
@@ -24,18 +24,33 @@
 </metadata></prolog>
 
 <conbody>
+<section>
 <p>The other server commands (<codeph>shutdown</codeph>,
 <codeph>ping</codeph>, <codeph>sysinfo</codeph>,
 <codeph>runtimeinfo</codeph>, <codeph>logconnections</codeph>,
 <codeph>maxthreads</codeph>, <codeph>timeslice</codeph>,
 <codeph>trace</codeph>, <codeph>tracedirectory</codeph>) are 
-implemented as clients, and they behave as clients with regards to
-SSL. For example the command
+implemented as <xref
+href="cadminsslclient.dita#cadminsslclient">clients</xref>, and they
+behave exactly as clients with regards to SSL. The SSL mode is set
+with the property <codeph>derby.drda.sslMode</codeph> or the server
+command option <codeph>-ssl</codeph>.
+</p>
+</section>
+
+<example><title>Example:</title>
 <codeblock>
 java -jar derbyrun.jar server shutdown -ssl basic
 </codeblock>
-will shutdown an SSL-enabled server. Similarly, if you have
-peerAuthentication on both sides, use the following command:
+<p>will shutdown an SSL-enabled server. </p>
+</example>
+
+<example>
+<title>Example:</title>
+<p>
+Similarly, if you have peerAuthentication on both sides, use the
+following command: 
+</p>
 <codeblock>
 java -Djavax.net.ssl.keyStore=clientKeyStore.key \
      -Djavax.net.ssl.keyStorePassword=qwerty \
@@ -43,7 +58,7 @@
      -Djavax.net.ssl.trustStorePassword=qwerty \
      -jar derbyrun.jar server shutdown -ssl peerAuthentication
 </codeblock>
-</p>
+</example>
 
 </conbody>
 </concept>

Modified: db/derby/docs/branches/10.3/src/adminguide/cadminsslclient.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/adminguide/cadminsslclient.dita?view=diff&rev=551084&r1=551083&r2=551084
==============================================================================
--- db/derby/docs/branches/10.3/src/adminguide/cadminsslclient.dita (original)
+++ db/derby/docs/branches/10.3/src/adminguide/cadminsslclient.dita Wed Jun 27 00:24:13 2007
@@ -18,54 +18,82 @@
 limitations under the License.
 -->
 <concept id="cadminsslclient" xml:lang="en-us">
-<title>Running the client</title>
+<title>Running the client with SSL/TLS</title>
 <prolog><metadata>
-<keywords><indexterm>Network Server<indexterm>SSL</indexterm></indexterm><indexterm>Network
Server<indexterm>TLS</indexterm></indexterm><indexterm>SSL</indexterm><indexterm>TLS</indexterm></keywords>
+<keywords><indexterm>Network Client<indexterm>SSL</indexterm></indexterm><indexterm>Network
Client<indexterm>TLS</indexterm></indexterm><indexterm>SSL</indexterm><indexterm>TLS</indexterm></keywords>
 </metadata></prolog>
 <conbody>
+<p>Basic SSL encryption on the client is enabled either by the URL attribute
+<codeph>ssl</codeph>, the property <codeph>ssl</codeph> or the
+datasource attribute <codeph>ssl</codeph> set to <codeph>basic</codeph>.</p>
 
-<section>
-<title>Basic SSL encryption</title>
-<p>SSL on the client is enabled by the URL attribute <codeph>ssl</codeph>
or the
-property <codeph>ssl</codeph> set to <codeph>basic</codeph>.</p>
-<p>Example:</p>
+<example>
+<title>Example:</title>
 <codeblock>
 Connection c = 
    getConnection("jdbc:derby://myhost:1527/db;ssl=basic");
 </codeblock>
-</section>
+</example>
 
 <section>
-<title>With peer (server) authentication</title>
-<p>SSL with peer (server) authentication is enabled by the URL
+<title>Running a client which authenticates the server</title>
+<p>If the client wants to authenticate the server, then the client's
+<i>trust store</i> must contain the server's certificate. See <xref
+href="cadminsslkeys.dita#cadminsslkeys"></xref>.</p>
+
+<p>Client SSL with server authentication is enabled by the URL
 attribute <codeph>ssl</codeph> or the property <codeph>ssl</codeph>
-set to <codeph>peerAuthentication</codeph>.</p>
-<p>In addition, the system properties
-<codeph>javax.net.ssl.trustStore</codeph> and
+set to <codeph>peerAuthentication</codeph>. In addition, the system
+properties <codeph>javax.net.ssl.trustStore</codeph> and 
 <codeph>javax.net.ssl.trustStorePassword</codeph> need to be set.</p>
-<p>Example:</p>
+</section>
+<example>
+<title>Example:</title>
 <codeblock>
     System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
     System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
     Connection c = 
        getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");
 </codeblock>
+</example>
+
+<section>
+<title>Running the client when the server does client authentication</title>
+If the server does client authentication, the client will need a key
+pair and a client certificate which is installed in the server's
+<i>trust store</i>, See <xref
+href="cadminsslkeys.dita#cadminsslkeys"></xref>. 
+<p>The client needs to set <codeph>javax.net.ssl.keyStore</codeph> and
+<codeph>javax.net.ssl.keyStorePassword</codeph>.</p> 
 </section>
 
+<example>
+<title>Example:</title>
+<codeblock>
+    System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
+    System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
+    Connection c = 
+       getConnection("jdbc:derby://myhost:1527/db;ssl=basic");
+</codeblock>
+</example>
+
 <section>
-<title>With peer authentication on both sides</title>
-<p>If the server is also in peer authentication mode, the client has
-to set <codeph>javax.net.ssl.keyStore</codeph> and <codeph>javax.net.ssl.keyStorePassword</codeph>.</p>
-<p>Example:</p>
+<title>Running the client when both parties do peer
+authentication</title>
+This is a combination of the two last variants.
+</section>
+
+<example>
+<title>Example:</title>
 <codeblock>
-    System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
-    System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
     System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
     System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
+    System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
+    System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
     Connection c = 
        getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");
 </codeblock>
-</section>
+</example>
 
 </conbody>
 </concept>

Modified: db/derby/docs/branches/10.3/src/adminguide/cadminsslkeys.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/adminguide/cadminsslkeys.dita?view=diff&rev=551084&r1=551083&r2=551084
==============================================================================
--- db/derby/docs/branches/10.3/src/adminguide/cadminsslkeys.dita (original)
+++ db/derby/docs/branches/10.3/src/adminguide/cadminsslkeys.dita Wed Jun 27 00:24:13 2007
@@ -24,56 +24,94 @@
 </metadata></prolog>
 
 <conbody>
+<p>
+For SSL operation, the server always needs a key pair. If the server
+runs in peer authentication mode (the server authenticates the
+clients), then each client needs its own key pair. In general, if one
+end of the communication wants to authenticate its partner, then the
+first end needs to install a certificate generated by the partner.
+</p>
+<p>
+The key pair is located in a file which is called a <i>key store</i>
+and the JDK's SSL provider needs the system properties
+<codeph>javax.net.ssl.keyStore</codeph> and
+<codeph>javax.net.ssl.keyStorePassword</codeph> to access the key
+store.
+</p>
+<p>
+The certificates of trusted parties are installed in a file called a
+<i>trust store</i>. The JDK's SSL provider needs the system properties
+<codeph>javax.net.ssl.trustStore</codeph> and
+<codeph>javax.net.ssl.trustStorePassword</codeph> to access the trust
+store.
+</p>
 
 <section>
-<title>The server key pair</title>
-<p>For SSL operation, the server needs a key pair. To generate the
-key pair using <codeph>keytool</codeph>, use a command like the following. In
this
-example the key pair and corresponding certificate is valid for 7
-days:</p> 
+<title>Key pair generation</title>
+Key pairs are generated with <codeph>keytool -genkey</codeph>. The
+simplest way to generate a key pair is to do
 <codeblock>
-keytool -genkey -alias myDerbyServer -validity 7 -keystore serverKeyStore.key
+keytool -genkey &lt;alias&gt; -keystore &lt;keystore&gt;
 </codeblock>
+<codeph>ketool</codeph> will prompt for needed information like
+identity details and passwords. 
+<p>
+Consult the JDK documentation for more information on
+<codeph>keytool</codeph>.
+</p>
 </section>
 
 <section>
-<title>Install server certificate on the client (optional)</title>
-<p>If a client uses peer authentication (the client wants to
-authenticate the server), a server certificate has to be distributed to
-the client and imported into the client's <i>truststore</i> (a store
-of trusted keys).</p> 
-<p>
-With <codeph>keytool</codeph> the server certificate may be generated
-as follows:</p> 
+<title>Certificate generation</title>
+Certificates are generated with <codeph>keytool -export</codeph> like this:
 <codeblock>
-keytool -export -alias myDerbyServer -keystore serverKeyStore.key \
-        -rfc -file myServer.cert
+keytool -export -alias &lt;alias&gt; -keystore &lt;keystore&gt; \
+        -rfc -file &lt;certificate file&gt;
 </codeblock>
-And installed in the client's <i>truststore</i> as follows:
+The certificate file may then be distributed to the relevant parties.
+</section>
+
+<section>
+<title>Certificate installation</title>
+Installation of a certificate in a trust store is done with 
+<codeph>keytool -import</codeph> like this:
 <codeblock>
-keytool -import -alias myServerCert -file myServer.cert \
-        -keystore clientTrustStore.key
+keytool -import -alias &lt;alias&gt; -file &lt;certificate file&gt; \
+        -keystore &lt;trust store&gt;
 </codeblock>
 </section>
 
-<section>
-<title>Install client certificate on the server (optional)</title>
-<p>Optionally, the server may require peer authentication (the server
-wants to authenticate the clients). In this case, all clients need a
-key pair and all clients' certificates have to be installed in the
-server's <i>truststore</i>.</p> 
-<p>On the client, generate and export the certificate as follows</p>
+<example>
+<title>Examples</title>
+Generate the server key pair:
+<codeblock>
+keytool -genkey -alias myDerbyServer -keystore serverKeyStore.key
+</codeblock>
+Generate a server certificate:
+<codeblock>
+keytool -export -alias myDerbyServer -keystore serverKeyStore.key \
+        -rfc -file myServer.cert
+</codeblock>
+Generate a client key pair:
 <codeblock>
 keytool -genkey -alias aDerbyClient -keystore clientKeyStore.key
+</codeblock>
+Generate a client certficate:
+<codeblock>
 keytool -export -alias aDerbyClient -keystore clientKeyStore.key \
-        -rfc -file sClient.cert
+        -rfc -file aClient.cert
 </codeblock>
-<p>On the server, import the certificate as follows:</p>
+Install a client certificate in the server's trust store:
 <codeblock>
-keytool -import -alias aClientCert -file aClient.cert 
+keytool -import -alias aDerbyClient -file aClient.cert 
         -keystore serverTrustStore.key
 </codeblock>
-</section>
+Install the server certificate in a client's trust store:
+<codeblock>
+keytool -import -alias myDerbyServer -file myServer.cert 
+        -keystore clientTrustStore.key
+</codeblock>
+</example>
 
 </conbody>
 </concept>

Modified: db/derby/docs/branches/10.3/src/adminguide/cadminsslserver.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/adminguide/cadminsslserver.dita?view=diff&rev=551084&r1=551083&r2=551084
==============================================================================
--- db/derby/docs/branches/10.3/src/adminguide/cadminsslserver.dita (original)
+++ db/derby/docs/branches/10.3/src/adminguide/cadminsslserver.dita Wed Jun 27 00:24:13 2007
@@ -18,44 +18,57 @@
 limitations under the License.
 -->
 <concept id="cadminsslserver" xml:lang="en-us">
-<title>Starting the server</title>
+<title>Starting the server with SSL/TLS</title>
 <prolog><metadata>
 <keywords><indexterm>Network Server<indexterm>SSL</indexterm></indexterm><indexterm>Network
Server<indexterm>TLS</indexterm></indexterm><indexterm>SSL</indexterm><indexterm>TLS</indexterm></keywords>
 </metadata></prolog>
 
 <conbody>
+<p>
+For server SSL/TLS, a server key pair needs to be generated. If the
+server is going to do client authentication, the client sertificates
+need to be installed in the trust store. These operations are
+described in <xref href="cadminsslkeys.dita#cadminsslkeys"></xref>.
+</p>
 <p>SSL at the server side is activated with the property
-<codeph>derby.drda.sslMode</codeph> (default off) or the <codeph>-ssl</codeph>
option for the server
-start command. The property may have three values: <codeph>off</codeph>, <codeph>basic</codeph>
-and <codeph>peerAuthentication</codeph>.</p>
+<codeph>derby.drda.sslMode</codeph> (default off) or the
+<codeph>-ssl</codeph> option for the server start command. 
+</p>
 
 <section>
-<title>Normal mode (default)</title>
-<p><codeph>off</codeph>: Normal server operations without SSL</p>
-</section>
+<title>Starting the server with basic SSL encryption</title>
+When the SSL mode is set to <codeph>basic</codeph>, the server will
+only accept SSL encrypted connections.
 
-<section>
-<title>Basic SSL encryption</title>
-<p><codeph>basic</codeph>: SSL is on, no client authentication</p>
 <p>The properties <codeph>javax.net.ssl.keyStore</codeph> and
-<codeph>javax.net.ssl.keyStorePassword</codeph> need to be set with the proper
-values.</p>
-<p>Example:</p>
+<codeph>javax.net.ssl.keyStorePassword</codeph> need to be set with
+the proper values.</p>
+</section>
+<example><title>Example:</title>
 <codeblock>    
 java -Djavax.net.ssl.keyStore=serverKeyStore.key \
      -Djavax.net.ssl.keyStorePassword=qwerty \
      -jar derbyrun.jar server start -ssl basic
 </codeblock>
-</section>
+</example>
 
 <section>
-<title>SSL with peer (client) authentication</title>
-<p><codeph>peerAuthentication</codeph>: Same as <codeph>basic</codeph>
but with additional client
-authentication. The server needs all the clients' certificates
-installed in the <i>truststore</i>.</p>
-<p>The <codeph>javax.net.ssl.trustStore</codeph> and <codeph>javax.net.ssl.trustStorePassword</codeph>
-need to be set in addition to the properties above.</p>
-<p>Example:</p>
+<title>Starting a server which authenticates clients</title>
+
+<p>When the server's SSL mode is set to
+<codeph>peerAuthentication</codeph>, then the server authenticates its
+clients' identity in addition to encrypting network traffic. In this
+situation, the server's <i>trust store</i> must contain a certificate for
+each client which will connect.
+</p>
+<p>The <codeph>javax.net.ssl.trustStore</codeph> and
+<codeph>javax.net.ssl.trustStorePassword</codeph> need to be set in
+addition to the properties above.</p>
+<p>See <xref href="cadminsslclient.dita#cadminsslclient"></xref> for
+client settings when the server does client authentication</p>
+</section>
+<example>
+<title>Example:</title>
 <codeblock>
 java -Djavax.net.ssl.keyStore=serverKeyStore.key \
      -Djavax.net.ssl.keyStorePassword=qwerty \
@@ -63,7 +76,7 @@
      -Djavax.net.ssl.trustStorePassword=qwerty \
      -jar derbyrun.jar server start -ssl peerAuthentication
 </codeblock>
-</section>
+</example>
 
 </conbody>
 </concept>

Modified: db/derby/docs/branches/10.3/src/adminguide/derbyadmin.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/adminguide/derbyadmin.ditamap?view=diff&rev=551084&r1=551083&r2=551084
==============================================================================
--- db/derby/docs/branches/10.3/src/adminguide/derbyadmin.ditamap (original)
+++ db/derby/docs/branches/10.3/src/adminguide/derbyadmin.ditamap Wed Jun 27 00:24:13 2007
@@ -192,16 +192,16 @@
 <topicref collection-type="family" href="cadminadvtops.dita" navtitle="Derby Network Server
advanced topics">
 <topicref href="cadminnetservsecurity.dita" navtitle="Network Server security">
 </topicref>
-<topicref collection-type="family" href="cadminssl.dita" navtitle="SSL/TLS">
-<topicref href="cadminsslkeys.dita" navtitle="Key and certificate handling"></topicref>
-<topicref href="cadminsslserver.dita" navtitle="Starting the server"></topicref>
-<topicref href="cadminsslclient.dita" navtitle="Running the client"></topicref>
-<topicref href="cadminssladmin.dita" navtitle="Other server commands (than start)"></topicref>
-</topicref>
 <topicref collection-type="family" href="tadminnetservrun.dita" navtitle="Running the
Network Server under the security manager">
 <topicref href="tadminnetservbasic.dita" navtitle="Basic Network Server security policy"></topicref>
 <topicref href="tadminnetservcustom.dita" navtitle="Customizing the Network Server's security
policy"></topicref>
 <topicref href="tadminnetservopen.dita" navtitle="Running the Network Server without a
security policy"></topicref>
+</topicref>
+<topicref collection-type="family" href="cadminssl.dita" navtitle="Network encryption
and authentication with SSL/TLS">
+<topicref href="cadminsslkeys.dita" navtitle="Key and certificate handling"></topicref>
+<topicref href="cadminsslserver.dita" navtitle="Starting the server with SSL/TLS"></topicref>
+<topicref href="cadminsslclient.dita" navtitle="Running the client with SSL/TLS"></topicref>
+<topicref href="cadminssladmin.dita" navtitle="Other server commands"></topicref>
 </topicref>
 <topicref href="tadminconfiguringthenetworkserver.dita" navtitle="Configuring the Network
Server to handle connections">
 </topicref>

Modified: db/derby/docs/branches/10.3/src/devguide/cdevcsecuree.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/cdevcsecuree.dita?view=diff&rev=551084&r1=551083&r2=551084
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/cdevcsecuree.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/cdevcsecuree.dita Wed Jun 27 00:24:13 2007
@@ -42,10 +42,10 @@
 <li><i>Validation of Certificate for Signed Jar Files</i>   <p>In
a Java 2
 environment, <ph conref="../conrefs.dita#prod/productshortname"></ph> validates
 certificates for classes loaded from signed jar files.</p>  </li>
-<li><i>SSL/TLS</i><p><ph
-conref="../conrefs.dita#prod/productshortname"></ph> Network Server
-communication may be encrypted with SSL/TLS. SSL/TLS certificate
-authentication is also supported. See <i>"SSL/TLS"</i> in
+<li><i>Network encryption and authentication</i><p><ph
+conref="../conrefs.dita#prod/productshortname"></ph>
+network traffic may be encrypted with SSL/TLS. SSL/TLS certificate
+authentication is also supported. See <i>"Network encryption and authentication with
SSL/TLS"</i> in the
 <cite><ph conref="../conrefs.dita#pub/citadmin"></ph></cite> for
 details.</p></li> 
 </ul>

Modified: db/derby/docs/branches/10.3/src/ref/rrefattribssl.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/ref/rrefattribssl.dita?view=diff&rev=551084&r1=551083&r2=551084
==============================================================================
--- db/derby/docs/branches/10.3/src/ref/rrefattribssl.dita (original)
+++ db/derby/docs/branches/10.3/src/ref/rrefattribssl.dita Wed Jun 27 00:24:13 2007
@@ -30,7 +30,7 @@
 <p>Specifies the SSL mode of the client. The
 <i>sslMode</i> can be <codeph>basic</codeph>,
 <codeph>peerAuthentication</codeph>, or <codeph>off</codeph> (the
-default). See <i>"SSL/TLS"</i> in <cite><ph
+default). See <i>"Network encryption and authentication with SSL/TLS"</i> in
the <cite><ph
 conref="../conrefs.dita#pub/citadmin"></ph></cite> for
 details.
 </p></section> 



Mime
View raw message