httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r733695 - in /httpd/httpd/trunk/docs/manual/mod: mod_ssl.html.en mod_ssl.xml
Date Mon, 12 Jan 2009 11:33:17 GMT
Author: jorton
Date: Mon Jan 12 03:33:14 2009
New Revision: 733695

URL: http://svn.apache.org/viewvc?rev=733695&view=rev
Log:
* docs/manual/mod/mod_ssl.xml: Flesh out SSLRenegBufferSize
 docs a little - thanks rpluem!

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en?rev=733695&r1=733694&r2=733695&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en Mon Jan 12 03:33:14 2009
@@ -1416,7 +1416,7 @@
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="directive-section"><h2><a name="SSLRenegBufferSize" id="SSLRenegBufferSize">SSLRenegBufferSize</a>
<a name="sslrenegbuffersize" id="sslrenegbuffersize">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Set
the size for the SSL renogotiation buffer</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Set
the size for the SSL renegotiation buffer</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLRenegBufferSize
<var>bytes</var></code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLRenegBufferSize
131072</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory,
.htaccess</td></tr>
@@ -1424,11 +1424,20 @@
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
 </table>
-<p>
-Configure the amount of memory that will be used for buffering the
-request body if a per-location SSL renegotiation is required due to
-changed access control requirements.
-</p>
+
+<p>If an SSL renegotiation is required in per-location context, for
+example, any use of <code class="directive"><a href="#sslverifyclient">SSLVerifyClient</a></code>
in a Directory or
+Location block, then <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>
must buffer any HTTP
+request body into memory until the new SSL handshake can be performed.
+This directive can be used to set the amount of memory that will be
+used for this buffer. </p>
+
+<div class="warning"><p>
+Note that in many configurations, the client sending the request body
+will be untrusted so a denial of service attack by consumption of
+memory must be considered when changing this configuration setting.
+</p></div>
+
 <div class="example"><h3>Example</h3><p><code>
 SSLRenegBufferSize 262144
 </code></p></div>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=733695&r1=733694&r2=733695&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Mon Jan 12 03:33:14 2009
@@ -1324,7 +1324,7 @@
 
 <directivesynopsis>
 <name>SSLRenegBufferSize</name>
-<description>Set the size for the SSL renogotiation buffer</description>
+<description>Set the size for the SSL renegotiation buffer</description>
 <syntax>SSLRenegBufferSize <var>bytes</var></syntax>
 <default>SSLRenegBufferSize 131072</default>
 <contextlist><context>directory</context>
@@ -1332,11 +1332,21 @@
 <override>AuthConfig</override>
 
 <usage>
-<p>
-Configure the amount of memory that will be used for buffering the
-request body if a per-location SSL renegotiation is required due to
-changed access control requirements.
-</p>
+
+<p>If an SSL renegotiation is required in per-location context, for
+example, any use of <directive
+module="mod_ssl">SSLVerifyClient</directive> in a Directory or
+Location block, then <module>mod_ssl</module> must buffer any HTTP
+request body into memory until the new SSL handshake can be performed.
+This directive can be used to set the amount of memory that will be
+used for this buffer. </p>
+
+<note type="warning"><p>
+Note that in many configurations, the client sending the request body
+will be untrusted so a denial of service attack by consumption of
+memory must be considered when changing this configuration setting.
+</p></note>
+
 <example><title>Example</title>
 SSLRenegBufferSize 262144
 </example>



Mime
View raw message