Return-Path:
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 30975 invoked by uid 500); 6 Nov 2001 19:21:10 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help:
list-unsubscribe:
list-post:
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 30958 invoked by uid 500); 6 Nov 2001 19:21:09 -0000
Delivered-To: apmail-httpd-2.0-cvs@apache.org
Date: 6 Nov 2001 19:09:52 -0000
Message-ID: <20011106190952.49795.qmail@icarus.apache.org>
From: slive@apache.org
To: httpd-2.0-cvs@apache.org
Subject: cvs commit: httpd-2.0/docs/manual/ssl header.html footer.html index.html ssl_intro.html ssl_compat.html ssl_howto.html ssl_faq.html ssl_glossary.html
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

slive       01/11/06 11:09:52

  Modified:    docs/manual/ssl index.html ssl_intro.html ssl_compat.html ssl_howto.html ssl_faq.html ssl_glossary.html
  Added:       docs/manual/ssl header.html footer.html
  Log:
  Put the ssl docs in a format where they will be maintainable without Ralf's tools.
  Mostly I've only touched the top and the bottom of each doc.
  I also got rid of the old cover page and the overview, since they seemed obsolete.
  Once again, I apologize for wrecking Ralf's nice work.

  Revision  Changes    Path
  1.2       +34 -221   httpd-2.0/docs/manual/ssl/index.html

Index: index.html =================================================================== RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/index.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -b -u -r1.1 -r1.2 --- index.html 2001/11/05 17:42:41 1.1 +++ index.html 2001/11/06 19:09:51 1.2 @@ -1,223 +1,36 @@ - - -mod_ssl: Title Page + - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. +

SSL/TLS Strong Encryption

- 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. +

The Apache HTTP Server module mod_ssl +provides an interface to the OpenSSL library, which provides +Strong Encryption using the Secure Sockets Layer and Transport Layer +Security protocols. The module and this documentation are based on +Ralf S. Engelschall's mod_ssl project.

- 3. All advertising materials mentioning features or use of this - software must display the following acknowledgment: - "This product includes software developed by - Ralf S. Engelschall for use in the - mod_ssl project (http://www.modssl.org/)." + - 4. The name "mod_ssl" must not be used to endorse or promote - products derived from this software without prior written - permission. +

Extensive documentation on the directives and environment variables +provided by this module is provided in the mod_ssl reference documentation.

- 5. Redistributions of any form whatsoever must retain the - following acknowledgment: - "This product includes software developed by - Ralf S. Engelschall for use in the - mod_ssl project (http://www.modssl.org/)." - THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY - EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR - HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - OF THE POSSIBILITY OF SUCH DAMAGE. ---> - - - - - -
- - - - -
-
- - - - - - - - - - -
- - - - - - - -
- User Manual -
- mod_ssl version 2.8    -
-
-
- mod_ssl - The Apache Interface to OpenSSL -
- - - - - - - -
- Ralf S. Engelschall
- rse@engelschall.com
- www.engelschall.com
-
-      - -next page
Overview -
- -
-
-
-
- +

+ 1.2 +37 -310 httpd-2.0/docs/manual/ssl/ssl_intro.html Index: ssl_intro.html =================================================================== RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/ssl_intro.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -b -u -r1.1 -r1.2 --- ssl_intro.html 2001/11/05 17:42:41 1.1 +++ ssl_intro.html 2001/11/06 19:09:51 1.2 @@ -1,234 +1,23 @@ - - -mod_ssl: Introduction - - + + +Apache SSL/TLS Encryption: An Introduction - - - - - - -
- - - - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 2 -
-
- - - - - -
-previous page
Overview -
-next page
Reference -
-
-
- Introduction -
+ + + + +

SSL/TLS Strong Encryption: An Introduction

+
@@ -250,11 +39,7 @@

- - - - -
-A -s an introduction this chapter is aimed at readers who are familiar +As an introduction this chapter is aimed at readers who are familiar with the Web, HTTP, and Apache, but are not security experts. It is not intended to be a definitive guide to the SSL protocol, nor does it discuss specific techniques for managing certificates in an organization, or the @@ -281,45 +66,29 @@    -
- - - - - - - -
- -Table Of Contents - -
- -        Cryptographic Techniques
-                Cryptographic Algorithms
-                Message Digests
-                Digital Signatures
-        Certificates
-                Certificate Contents
-                Certificate Authorities
-                        Certificate Chains
-                        Creating a Root-Level CA
-                        Certificate Management
-        Secure Sockets Layer (SSL)
-                Session Establishment
-                Key Exchange Method
-                Cipher for Data Transfer
-                Digest Function
-                Handshake Sequence Protocol
-                Data Transfer
-                Securing HTTP Communication
-        References
-
-
-
-
+ +

+

Cryptographic Techniques

Understanding SSL requires an understanding of cryptographic algorithms, message digest functions (aka. one-way or hash functions), and digital @@ -872,48 +641,6 @@ href="ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt"> ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt. -

-
- - - - - - - - - - -
- - - - - -
-previous page
Overview -
-next page
Reference -
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
-

-
- +

+ 1.2 +29 -304 httpd-2.0/docs/manual/ssl/ssl_compat.html Index: ssl_compat.html =================================================================== RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/ssl_compat.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -b -u -r1.1 -r1.2 --- ssl_compat.html 2001/11/05 17:42:41 1.1 +++ ssl_compat.html 2001/11/06 19:09:51 1.2 @@ -1,234 +1,23 @@ - - -mod_ssl: Compatibility - - + + +Apache SSL/TLS Encryption: Compatibility - - - - - - -
- - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 4 -
-
- - - - - -
-previous page
Reference -
-next page
HowTo -
-
-
- Compatibility -
+ + + + +

SSL/TLS Strong Encryption: Compatibility

+
@@ -249,11 +38,7 @@

- - - - - - -
-H -ere we talk about backward compatibility to other SSL solutions. As you +Here we talk about backward compatibility to other SSL solutions. As you perhaps know, mod_ssl is not the only existing SSL solution for Apache. Actually there are four additional major products available on the market: Ben Laurie's freely available Apache-SSL @@ -264,41 +49,21 @@ and finally C2Net's commercial product Stronghold (based on a different evolution branch named Sioux up to Stronghold 2.x and based on -mod_ssl since Stronghold 3.x). - -   - -
- - - - - - - -
- -Table Of Contents - -
- -        Configuration Directives
-        Environment Variables
-        Custom Log Functions
-
-
-
-
+mod_ssl since Stronghold 3.x).

+

The idea in mod_ssl is mainly the following: because mod_ssl provides mostly a superset of the functionality of all other solutions we can easily provide backward compatibility for most of the cases. Actually there are three compatibility areas we currently address: configuration directives, environment variables and custom log functions. + +

+

Configuration Directives

For backward compatibility to the configuration directives of other SSL solutions we do an on-the-fly mapping: directives which have a direct @@ -308,7 +73,9 @@ compatibilty is provided only for Apache-SSL 1.x and mod_ssl 2.0.x. Compatibility to Sioux 1.x and Stronghold 2.x is only partial because of special functionality in these interfaces which mod_ssl (still) doesn't -provide. +provide.

+ +

@@ -472,8 +239,8 @@

Custom Log Functions

When mod_ssl is built into Apache or at least loaded (under DSO situation) additional functions exist for the Custom Log Format of mod_log_config as documented in the Reference +href="../mod/mod_log_config.html#formats">Custom Log Format of mod_log_config as documented in the Reference Chapter. Beside the ``%{varname}x'' eXtension format function which can be used to expand any variables provided by any module, an additional Cryptography @@ -503,49 +270,7 @@
-
-

-
- - - - - - - - - - -
- - - - - -
-previous page
Reference -
-next page
HowTo -
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
- - - - +

+ 1.2 +42 -316 httpd-2.0/docs/manual/ssl/ssl_howto.html Index: ssl_howto.html =================================================================== RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/ssl_howto.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -b -u -r1.1 -r1.2 --- ssl_howto.html 2001/11/05 17:42:41 1.1 +++ ssl_howto.html 2001/11/06 19:09:51 1.2 @@ -1,234 +1,24 @@ - - -mod_ssl: HowTo - - + + +Apache SSL/TLS Encryption: How-To - - - - - - -
- - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 5 -
-
- - - - - -
-previous page
Compatibility -
-next page
F.A.Q. List -
-
-
- HowTo -
+ + + + +

SSL/TLS Strong Encryption: How-To

+ +
@@ -248,53 +38,29 @@
+

- - - - - - -
-H -ow to solve particular security constraints for an SSL-aware webserver +How to solve particular security constraints for an SSL-aware webserver is not always obvious because of the coherences between SSL, HTTP and Apache's way of processing requests. This chapter gives instructions on how to solve such typical situations. Treat is as a first step to find out the final solution, but always try to understand the stuff before you use it. Nothing is worse than using a security solution without knowing it's restrictions and coherences. - -   - -
- - - - - - - -
- -Table Of Contents - -
- -        Cipher Suites and Enforced Strong Security
-                SSLv2 only server
-                strong encryption only server
-                server gated cryptography
-                stronger per-directory requirements
-        Client Authentication and Access Control
-                simple certificate-based client authentication
-                selective certificate-based client authentication
-                particular certificate-based client authentication
-                intranet vs. internet authentication
-
-
-
-
+ +

+

Cipher Suites and Enforced Strong Security

    @@ -303,7 +69,7 @@ How can I create a real SSLv2-only server?    - [L] + [L]

    The following creates an SSL server which speaks only the SSLv2 protocol and its ciphers. @@ -352,7 +118,7 @@ How can I create an SSL server which accepts strong encryption only?    - [L] + [L]

    The following enables only the seven strongest ciphers:

    @@ -401,7 +167,7 @@ How can I create an SSL server which accepts strong encryption only, but allows export browsers to upgrade to stronger encryption?    - [L] + [L]

    This facility is called Server Gated Cryptography (SGC) and details you can find in the README.GlobalID document in the mod_ssl distribution. @@ -465,7 +231,7 @@ How can I create an SSL server which accepts all types of ciphers in general, but requires a strong ciphers for access to a particular URL?    - [L] + [L]

    Obviously you cannot just use a server-wide SSLCipherSuite which restricts the ciphers to the strong variants. But mod_ssl allows you to @@ -525,7 +291,7 @@ How can I authenticate clients based on certificates when I know all my clients?    - [L] + [L]

    When you know your user community (i.e. a closed user group situation), as it's the case for instance in an Intranet, you can use plain certificate @@ -581,7 +347,7 @@ How can I authenticate my clients for a particular URL based on certificates but still allow arbitrary clients to access the remaining parts of the server?    - [L] + [L]

    For this we again use the per-directory reconfiguration feature of mod_ssl:

    @@ -635,7 +401,7 @@ on certificates but still allow arbitrary clients to access the remaining parts of the server?    - [L] + [L]

    The key is to check for various ingredients of the client certficate. Usually this means to check the whole or part of the Distinguished Name (DN) of the @@ -797,7 +563,7 @@ coming from the Internet but still allow plain HTTP access for clients on the Intranet?    - [L] + [L]

    Let us assume the Intranet can be distinguished through the IP network 192.160.1.0/24 and the subarea on the Intranet website has the URL @@ -875,6 +641,7 @@

+ @@ -882,48 +649,7 @@ -

-
- - - - - - - - - - -
- - - - - -
-previous page
Compatibility -
-next page
F.A.Q. List -
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
- - - -

- + +

+ 1.2 +144 -405 httpd-2.0/docs/manual/ssl/ssl_faq.html Index: ssl_faq.html =================================================================== RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/ssl_faq.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -b -u -r1.1 -r1.2 --- ssl_faq.html 2001/11/05 17:42:41 1.1 +++ ssl_faq.html 2001/11/06 19:09:51 1.2 @@ -1,234 +1,24 @@ - - -mod_ssl: F.A.Q. - - + + +Apache SSL/TLS Encryption: FAQ - - - - - - -
- - - - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 6 -
-
- - - - - -
-previous page
HowTo -
-next page
Glossary -
-
-
- F.A.Q. -
+ + + + +

SSL/TLS Strong Encryption: FAQ

+ +
@@ -248,12 +38,9 @@
+

- - - - - - -
-T -his chapter is a collection of frequently asked questions (FAQ) and +This chapter is a collection of frequently asked questions (FAQ) and corresponding answers following the popular USENET tradition. Most of these questions occured on the Newsgroup @@ -265,87 +52,79 @@ Please read this chapter at least once when installing mod_ssl or at least search for your problem here before submitting a problem report to the author. - -   - -
- - - - - - - -
- -Table Of Contents - -
- -        About the module
-                What is the history of mod_ssl?
-                Apache-SSL vs. mod_ssl: differences?
-                mod_ssl vs. commercial alternatives?
-                mod_ssl/Apache versions?
-                mod_ssl and Year 2000?
-                mod_ssl and Wassenaar Arrangement?
-        About Installation
-                Core dumps for HTTPS requests?
-                Core dumps for Apache+mod_ssl+PHP3?
-                Undefined symbols on startup?
-                Permission problem on SSLMutex
-                Shared memory and process size?
-                Shared memory and pathname?
-                PRNG and not enough entropy?
-        About Configuration
-                HTTP and HTTPS with a single server?
-                Where is the HTTPS port?
-                How to test HTTPS manually?
-                Why does my connection hang?
-                Why do I get connection refused?
-                Why are the SSL_XXX variables missing?
-                How to switch with relative hyperlinks?
-        About Certificates
-                What are Keys, CSRs and Certs?
-                Difference on startup?
-                How to create a dummy cert?
-                How to create a real cert?
-                How to create my own CA?
-                How to change a pass phrase?
-                How to remove a pass phrase?
-                How to verify a key/cert pair?
-                Bad Certificate Error?
-                Why does a 2048-bit key not work?
-                Why is client auth broken?
-                How to convert from PEM to DER?
-                Verisign and the magic getca program?
-                Global IDs or SGC?
-                Global IDs and Cert Chain?
-        About SSL Protocol
-                Random SSL errors under heavy load?
-                Why has the server a higher load?
-                Why are connections horribly slow?
-                Which ciphers are supported?
-                How to use Anonymous-DH ciphers
-                Why do I get 'no shared ciphers'?
-                HTTPS and name-based vhosts
-                The lock icon in Netscape locks very late
-                Why do I get I/O errors with MSIE clients?
-                Why do I get I/O errors with NS clients?
-        About Support
-                Resources in case of problems?
-                Support in case of problems?
-                How to write a problem report?
-                I got a core dump, can you help me?
-                How to get a backtrace?
-
-
-
-
+ +

+ +

About the module

    @@ -354,7 +133,7 @@ What is the history of mod_ssl?    - [L] + [L]

    The mod_ssl v1 package was initially created in April 1998 by Ralf S. Engelschall via porting    - [L] + [L]

    This neither can be answered in short (there were too many code changes) nor can be answered at all by the author (there would immediately be flame @@ -422,7 +201,7 @@ What are the major differences between mod_ssl and the commercial alternatives like Raven or Stronghold?    - [L] + [L]

    In the past (until September 20th, 2000) the major difference was the RSA license which one received (very cheaply in contrast to @@ -471,7 +250,7 @@ How do I know which mod_ssl version is for which Apache version?    - [L] + [L]

    That's trivial: mod_ssl uses version strings of the syntax <mod_ssl-version>-<apache-version>, for @@ -486,7 +265,7 @@ Is mod_ssl Year 2000 compliant?    - [L] + [L]

    Yes, mod_ssl is Year 2000 compliant.

    @@ -511,7 +290,7 @@ What about mod_ssl and the Wassenaar Arrangement?    - [L] + [L]

    First, let us explain what Wassenaar and it's Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and @@ -570,7 +349,7 @@ When I access my website the first time via HTTPS I get a core dump?    - [L] + [L]

    There can be a lot of reasons why a core dump can occur, of course. Ranging from buggy third-party modules, over buggy vendor libraries up to @@ -586,7 +365,7 @@ My Apache dumps core when I add both mod_ssl and PHP3?    - [L] + [L]

    Make sure you add mod_ssl to the Apache source tree first and then do a fresh configuration and installation of PHP3. For SSL support EAPI patches @@ -599,7 +378,7 @@ When I startup Apache I get errors about undefined symbols like ap_global_ctx?    - [L] + [L]

    This actually means you installed mod_ssl as a DSO, but without rebuilding Apache with EAPI. Because EAPI is a requirement for mod_ssl, you need an @@ -612,7 +391,7 @@ When I startup Apache I get permission errors related to SSLMutex?    - [L] + [L]

    When you receive entries like ``mod_ssl: Child could not open SSLMutex lockfile /opt/apache/logs/ssl_mutex.18332 (System error follows) @@ -629,7 +408,7 @@ When I use the MM library and the shared memory cache each process grows 1.5MB according to `top' although I specified 512000 as the cache size?    - [L] + [L]

    The additional 1MB are caused by the global shared memory pool EAPI allocates for all modules and which is not used by mod_ssl for @@ -648,7 +427,7 @@ EAPI_MM_CORE_PATH define. Is there a way to override the path using a configuration directive?    - [L] + [L]

    No, there is not configuration directive, because for technical bootstrapping reasons, a directive not possible at all. Instead @@ -663,7 +442,7 @@ "Failed to generate temporary 512 bit RSA private key", why? And a "PRNG not seeded" error occurs if I try "make certificate".    - [L] + [L]

    Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide @@ -692,7 +471,7 @@ Is it possible to provide HTTP and HTTPS with a single server?    - [L] + [L]

    Yes, HTTP and HTTPS use different server ports, so there is no direct conflict between them. Either run two separate server instances (one binds @@ -706,7 +485,7 @@ I know that HTTP is on port 80, but where is HTTPS?    - [L] + [L]

    You can run HTTPS on any port, but the standards specify port 443, which is where any HTTPS compliant browser will look by default. You can force @@ -718,7 +497,7 @@ How can I speak HTTPS manually for testing purposes?    - [L] + [L]

    While you usually just use

    @@ -749,7 +528,7 @@ Why does the connection hang when I connect to my SSL-aware Apache server?    - [L] + [L]

    Because you connected with HTTP to the HTTPS port, i.e. you used an URL of the form ``http://'' instead of ``https://''. @@ -765,7 +544,7 @@ Why do I get ``Connection Refused'' messages when trying to access my freshly installed Apache+mod_ssl server via HTTPS?    - [L] + [L]

    There can be various reasons. Some of the common mistakes is that people start Apache with just ``apachectl start'' (or @@ -782,7 +561,7 @@ In my CGI programs and SSI scripts the various documented SSL_XXX variables do not exists. Why?    - [L] + [L]

    Just make sure you have ``SSLOptions +StdEnvVars'' enabled for the context of your CGI/SSI requests. @@ -792,7 +571,7 @@ How can I use relative hyperlinks to switch between HTTP and HTTPS?    - [L] + [L]

    Usually you have to use fully-qualified hyperlinks because you have to change the URL scheme. But with the help of some URL @@ -818,7 +597,7 @@ What are RSA Private Keys, CSRs and Certificates?    - [L] + [L]

    The RSA private key file is a digital file that you can use to decrypt messages sent to you. It has a public component which you distribute (via @@ -838,7 +617,7 @@ Seems like there is a difference on startup between the original Apache and an SSL-aware Apache?    - [L] + [L]

    Yes, in general, starting Apache with a built-in mod_ssl is just like starting an unencumbered Apache, except for the fact that when you have a @@ -856,7 +635,7 @@ How can I create a dummy SSL server Certificate for testing purposes?    - [L] + [L]

    A Certificate does not have to be signed by a public CA. You can use your private key to sign the Certificate which contains your public key. You @@ -881,7 +660,7 @@ Ok, I've got my server installed and want to create a real SSL server Certificate for it. How do I do it?    - [L] + [L]

    Here is a step-by-step description:

    @@ -978,7 +757,7 @@ How can I create and use my own Certificate Authority (CA)?    - [L] + [L]

    The short answer is to use the CA.sh or CA.pl script provided by OpenSSL. The long and manual answer is this: @@ -1030,7 +809,7 @@ How can I change the pass-phrase on my private key file?    - [L] + [L]

    You simply have to read it with the old pass-phrase and write it again by specifying the new pass-phrase. You can accomplish this with the following @@ -1048,7 +827,7 @@ How can I get rid of the pass-phrase dialog at Apache startup time?    - [L] + [L]

    The reason why this dialog pops up at startup and every re-start is that the RSA private key inside your server.key file is stored in @@ -1085,7 +864,7 @@ How do I verify that a private key matches its Certificate?    - [L] + [L]

    The private key contains a series of numbers. Two of those numbers form the "public key", the others are part of your "private key". The "public @@ -1118,7 +897,7 @@ What does it mean when my connections fail with an "alert bad certificate" error?    - [L] + [L]

    Usually when you see errors like ``OpenSSL: error:14094412: SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate'' in the SSL @@ -1131,7 +910,7 @@ Why does my 2048-bit private key not work?    - [L] + [L]

    The private key sizes for SSL must be either 512 or 1024 for compatibility with certain web browsers. A keysize of 1024 bits is recommended because @@ -1145,7 +924,7 @@ Why is client authentication broken after upgrading from SSLeay version 0.8 to 0.9?    - [L] + [L]

    The CA certificates under the path you configured with SSLCACertificatePath are found by SSLeay through hash @@ -1160,7 +939,7 @@ How can I convert a certificate from PEM to DER format?    - [L] + [L]

    The default certificate format for SSLeay/OpenSSL is PEM, which actually is Base64 encoded DER with header and footer lines. For some applications @@ -1175,7 +954,7 @@ I try to install a Verisign certificate. Why can't I find neither the getca nor getverisign programs Verisign mentions?    - [L] + [L]

    This is because Verisign has never provided specific instructions for Apache+mod_ssl. Rather they tell you what you should do @@ -1195,7 +974,7 @@ Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global ID) also with mod_ssl?    - [L] + [L]

    Yes, mod_ssl since version 2.1 supports the SGC facility. You don't have to configure anything special for this, just use a Global ID as your @@ -1209,7 +988,7 @@ After I have installed my new Verisign Global ID server certificate, the browsers complain that they cannot verify the server certificate?    - [L] + [L]

    That is because Verisign uses an intermediate CA certificate between the root CA certificate (which is installed in the browsers) and @@ -1230,7 +1009,7 @@ Why do I get lots of random SSL protocol errors under heavy server load?    - [L] + [L]

    There can be a number of reasons for this, but the main one is problems with the SSL session Cache specified by the @@ -1243,7 +1022,7 @@ Why has my webserver a higher load now that I run SSL there?    - [L] + [L]

    Because SSL uses strong cryptographic encryption and this needs a lot of number crunching. And because when you request a webpage via HTTPS even @@ -1256,7 +1035,7 @@ Often HTTPS connections to my server require up to 30 seconds for establishing the connection, although sometimes it works faster?    - [L] + [L]

    Usually this is caused by using a /dev/random device for SSLRandomSeed which is blocking in read(2) calls if not @@ -1268,7 +1047,7 @@ What SSL Ciphers are supported by mod_ssl?    - [L] + [L]

    Usually just all SSL ciphers which are supported by the version of OpenSSL in use (can depend on the way you built @@ -1295,7 +1074,7 @@ I want to use Anonymous Diffie-Hellman (ADH) ciphers, but I always get ``no shared cipher'' errors?    - [L] + [L]

    In order to use Anonymous Diffie-Hellman (ADH) ciphers, it is not enough to just put ``ADH'' into your SSLCipherSuite. @@ -1310,7 +1089,7 @@ I always just get a 'no shared ciphers' error if I try to connect to my freshly installed server?    - [L] + [L]

    Either you have messed up your SSLCipherSuite directive (compare it with the pre-configured example in @@ -1329,7 +1108,7 @@ Why can't I use SSL with name-based/non-IP-based virtual hosts?    - [L] + [L]

    The reason is very technical. Actually it's some sort of a chicken and egg problem: The SSL protocol layer stays below the HTTP protocol layer @@ -1350,7 +1129,7 @@ still show the unlocked state when the dialog pops up. Does this mean the username/password is still transmitted unencrypted?    - [L] + [L]

    No, the username/password is already transmitted encrypted. The icon in Netscape browsers is just not really synchronized with the SSL/TLS layer @@ -1368,7 +1147,7 @@ When I connect via HTTPS to an Apache+mod_ssl+OpenSSL server with Microsoft Internet Explorer (MSIE) I get various I/O errors. What is the reason?    - [L] + [L]

    The first reason is that the SSL implementation in some MSIE versions has some subtle bugs related to the HTTP keep-alive facility and the SSL close @@ -1429,7 +1208,7 @@ get I/O errors and the message "Netscape has encountered bad data from the server" What's the reason?    - [L] + [L]

    The problem usually is that you had created a new server certificate with the same DN, but you had told your browser to accept forever the old @@ -1448,15 +1227,15 @@ What information resources are available in case of mod_ssl problems?    - [L] + [L]

    The following information resources are available. In case of problems you should search here first.

    1. Answers in the User Manual's F.A.Q. List (this)
      - - http://www.modssl.org/docs/2.8/ssl_faq.html
      + + http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html
      First look inside the F.A.Q. (this text), perhaps your problem is such popular that it was already answered a lot of times in the past.

      @@ -1479,7 +1258,7 @@ What support contacts are available in case of mod_ssl problems?    - [L] + [L]

      The following lists all support possibilities for mod_ssl, in order of preference, i.e. start in this order and do not pick the support possibility @@ -1516,7 +1295,7 @@ What information and details I've to provide to the author when writing a bug report?    - [L] + [L]

      You have to at least always provide the following information:

      @@ -1555,7 +1334,7 @@ I got a core dump, can you help me?    - [L] + [L]

      In general no, at least not unless you provide more details about the code location where Apache dumped core. What is usually always required in @@ -1568,7 +1347,7 @@ Ok, I got a core dump but how do I get a backtrace to find out the reason for it?    - [L] + [L]

      Follow the following steps:

      @@ -1596,48 +1375,8 @@ this backtrace to the author.

-

-
- - - - - - - - - - -
- - - - - -
-previous page
HowTo -
-next page
Glossary -
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
-

-
- + + +

+ 1.2 +16 -245 httpd-2.0/docs/manual/ssl/ssl_glossary.html Index: ssl_glossary.html =================================================================== RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/ssl_glossary.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -b -u -r1.1 -r1.2 --- ssl_glossary.html 2001/11/05 17:42:41 1.1 +++ ssl_glossary.html 2001/11/06 19:09:51 1.2 @@ -1,213 +1,23 @@ - - -mod_ssl: Glossary - - + + +Apache SSL/TLS Encryption: Glossary - - - - -
- - - - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 7 -
-
- - - - - -
-previous page
F.A.Q. List -
-
-
-
- Glossary -
+ + + + +

SSL/TLS Strong Encryption: Glossary

+
@@ -227,6 +37,7 @@
+
Authentication
The positive identification of a network entity such as a server, a @@ -367,47 +178,7 @@
An authentication certificate scheme recommended by the International Telecommunication Union (ITU-T) which is used for SSL/TLS authentication.
-

-
- - - - - - - - - - -
- - - - - -
-previous page
F.A.Q. List -
-
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
-

-
- + +

+ 1.1 httpd-2.0/docs/manual/ssl/header.html Index: header.html ===================================================================
[APACHE DOCUMENTATION]

Apache HTTP Server Version 2.0

1.1 httpd-2.0/docs/manual/ssl/footer.html Index: footer.html ===================================================================

Apache HTTP Server Version 2.0

Index Home
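
Review bot: In index.html (@@ -1,223 +1,36 @@) the removed header comment takes the license conditions with it, including "Redistributions of source code must retain the above copyright notice" and the acknowledgment wording in conditions 3 and 5, while the replacement text keeps only "based on Ralf S. Engelschall's mod_ssl project". The footers removed from the other files also drop "Copyright © 1998-2001 Ralf S. Engelschall". Please say in the log where the notice and acknowledgment are kept now, or retain the comment block at the top of each file; the visible text of the added header.html and footer.html shows neither.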
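
Review bot: In ssl_faq.html the hunk at @@ -1448,15 +1227,15 @@ moves the F.A.Q. URL to http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html, but the surrounding unchanged text still sends readers to the mod_ssl author for support: "before submitting a problem report to the author" (@@ -248,12 +38,9 @@), "What information and details I've to provide to the author when writing a bug report?" (@@ -1516,7 +1295,7 @@) and "this backtrace to the author" (@@ -1596,48 +1375,8 @@). Now that these pages ship as httpd-2.0 documentation, the support and bug-report answers should name the project's own contact points, otherwise security-relevant reports such as core dumps go to someone who does not maintain this copy.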
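
Review bot: In ssl_compat.html the hunk at @@ -472,8 +239,8 @@ retargets the Custom Log Format link to ../mod/mod_log_config.html#formats, yet the sentence still ends "as documented in the Reference Chapter", and the same file's first hunk deletes the "Chapter 4" header and the previous/next "Reference" navigation. The intro in ssl_intro.html likewise still reads "this chapter". Suggest replacing the chapter wording with a link to the mod_ssl reference documentation, as the new index.html text already does.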
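
Review bot: In ssl_intro.html the hunk at @@ -872,48 +641,6 @@ keeps a reference that points at ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt, an Internet-Draft location that is not a stable citation. Since the bottom of the page is being edited anyway, cite the published TLS 1.0 specification (RFC 2246) instead so readers can still locate the protocol text the introduction relies on.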