From: dbarnes@apache.org To: commits@geode.apache.org Message-Id: <34df30012d704f6ca8ddeb21978a157e@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: geode-native git commit: GEODE-2603 Native client doc: Update SSL page Date: Wed, 8 Mar 2017 01:33:48 +0000 (UTC) archived-at: Wed, 08 Mar 2017 01:33:50 -0000 Repository: geode-native Updated Branches: refs/heads/develop 06e8f39a0 -> 1176deea3 GEODE-2603 Native client doc: Update SSL page Project: http://git-wip-us.apache.org/repos/asf/geode-native/repo Commit: http://git-wip-us.apache.org/repos/asf/geode-native/commit/1176deea Tree: http://git-wip-us.apache.org/repos/asf/geode-native/tree/1176deea Diff: http://git-wip-us.apache.org/repos/asf/geode-native/diff/1176deea Branch: refs/heads/develop Commit: 1176deea39296e836ab86534d3ac52fb14872ec6 Parents: 06e8f39 Author: Dave Barnes Authored: Tue Mar 7 17:33:46 2017 -0800 Committer: Dave Barnes Committed: Tue Mar 7 17:33:46 2017 -0800 ---------------------------------------------------------------------- .../security/sslclientserver.html.md.erb | 42 +++++++++++++------- 1 file changed, 27 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/geode-native/blob/1176deea/docs/geode-native-docs/security/sslclientserver.html.md.erb ---------------------------------------------------------------------- diff --git a/docs/geode-native-docs/security/sslclientserver.html.md.erb b/docs/geode-native-docs/security/sslclientserver.html.md.erb index 6fd9ba7..89bb284 100644 --- a/docs/geode-native-docs/security/sslclientserver.html.md.erb +++ b/docs/geode-native-docs/security/sslclientserver.html.md.erb 
@@ -29,25 +29,36 @@ Follow these instructions to download and install OpenSSL for your specific oper The native client requires OpenSSL 1.0.1t or later. For Windows platforms, you can use either the regular or the OpenSSL 1.0.1t "Light" version. -**Note:** -If you use Cygwin, it is recommended that you do not use the OpenSSL library that comes with Cygwin because it is built with `cygwin.dll` as a dependency. +**Note for Windows users:** If you use Cygwin, do not use the OpenSSL library that comes with +Cygwin, which is built with `cygwin.dll` as a dependency. Instead, download a fresh copy from +OpenSSL as described in the following section. ## Step 1. Download and install OpenSSL -### Linux +To install OpenSSL: -Download the OpenSSL tarball archive from the OpenSSL web site at [http://www.openssl.org/source/](http://www.openssl.org/source/). Copy the downloaded tarball file into `NativeClient_xxxx/templates/security/openssl/Linux` and run `buildit.sh`. +1. Download the OpenSSL archive from the [OpenSSL web site](http://www.openssl.org/source/). -### Solaris +2. Extract the archive in a directory of your choice. For example: -Download the OpenSSL tarball archive from the OpenSSL web site at [http://www.openssl.org/source/](http://www.openssl.org/source/). Copy the downloaded tarball file into `NativeClient_xxxx/templates/security/openssl/SunOS` and run `buildit.sh`. - -### Windows + ``` + $ tar xvzf openssl-1.0.1u.tar.gz + x openssl-1.0.1u/ACKNOWLEDGMENTS + x openssl-1.0.1u/apps/ + x openssl-1.0.1u/apps/app_rand.c + ... + ``` -Download the installer for OpenSSL from [http://www.openssl.org/related/binaries.html](http://www.openssl.org/related/binaries.html). You can also use the OpenSSL "Light" version. +3. Look in the top-level directory of the source distribution to identify the installation instructions for your operating system: -Use the downloaded OpenSSL installer to install it on Windows. You can usually accept the default installation path (`C:\OpenSSL`). 
+ ``` + $ cd openssl-1.0.1u + $ ls INSTALL* + INSTALL INSTALL.DJGPP INSTALL.MacOS INSTALL.NW INSTALL.OS2 + INSTALL.VMS INSTALL.W32 INSTALL.W64 INSTALL.WCE + ``` +4. Build the OpenSSL library by following the instructions for your operating system. ## Step 2. Create keystores @@ -75,7 +86,7 @@ Configure your system environment to build and run OpenSSL. Follow the environme \> set GFCPP=_product-dir_
\> set OPENSSL=_path-to-installed-openssl_
-\> set PATH=_path-to-jdk-or-jre_\bin;%GFCPP%\bin;%GFCPP%\ssl\_libs;%OPENSSL%\bin;%PATH%
+\> set PATH=_jdk-or-jre-path_\bin;%GFCPP%\bin;%GFCPP%\ssl\_libs;%OPENSSL%\bin;%PATH%
\> set CLASSPATH=_path-to-gemfire-installation_\lib\gfSecurityImpl.jar;%CLASSPATH%
@@ -88,16 +99,17 @@ Configure SSL properties. 1. In `gfcpp.properties`, set `ssl-enabled` to true and set `ssl-keystore` and `ssl-truststore` to point to your keystore files. See [Security-Related System Properties (gfcpp.properties)](security-systemprops.html#security) for a description of these properties. 2. On each locator, enable SSL and set the following SSL properties in the locator’s `gemfire.properties` file: - ``` pre + ``` ssl-enabled-components=server,locator ssl-protocols=any ssl-ciphers=SSL_RSA_WITH_NULL_SHA ``` + Make sure your choice of cipher matches a cipher supported on the server. +# Starting and stopping the client and server with SSL in place -## Step 5. Start and stop the client and server - -Before you start and stop the client and server, make sure you configure the native client with the SSL properties as described and with the servers or locators specified as usual. +Before you start and stop the client and server, make sure you configure the native client with the +SSL properties as described and with the servers or locators specified as usual. Specifically, ensure that:
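Review bot: in the first hunk (@@ -29,25 +29,36 @@), the new install steps send the reader to `http://www.openssl.org/source/` over plain HTTP and go straight from download to `tar xvzf` with no integrity check on the archive. Suggest switching the link to https and adding a step between 1 and 2 that verifies the tarball against the checksum or signature published alongside it, before the library is built and linked into the client. Also, with the Linux/Solaris `buildit.sh` text and the Windows installer text removed, step 4 no longer says where the built library has to end up, while the Windows environment section still relies on `%OPENSSL%\bin`; a sentence tying the install location to that variable would close the gap.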
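Review bot: in the second hunk (@@ -75,7 +86,7 @@), the `PATH` line now uses `_jdk-or-jre-path_` while the unchanged lines around it keep the `_path-to-..._` form (`_path-to-installed-openssl_`, `_path-to-gemfire-installation_`), so the placeholder style is inconsistent inside one command block. Either keep `_path-to-jdk-or-jre_` or rename all three placeholders together.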
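Review bot: in the third hunk (@@ -88,16 +99,17 @@), the locator example still shows `ssl-ciphers=SSL_RSA_WITH_NULL_SHA` together with `ssl-protocols=any`, and the added sentence about matching the server's cipher does not mention that a NULL suite authenticates and integrity-protects traffic but does not encrypt it. Readers copy this block, so suggest showing an encrypting suite and a specific protocol version in the example, or stating explicitly that the NULL suite is for testing only. Separately, the replacement heading `# Starting and stopping the client and server with SSL in place` is level 1 and drops the "Step 5." prefix, while the earlier steps are `## Step N.` headings; keep `##` and the step number unless the change of level is intended.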