Reply-To: dev@httpd.apache.org
Subject: svn commit: r731089 - in /httpd/httpd/trunk/docs/manual/mod: directives.html.en mod_session_crypto.html.en quickreference.html.en
Date: Sat, 03 Jan 2009 21:10:27 -0000
To: cvs@httpd.apache.org
From: minfrin@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090103211027.82173238899B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: minfrin Date: Sat Jan 3 13:10:27 2009 New Revision: 731089 URL: http://svn.apache.org/viewvc?rev=731089&view=rev Log: Update transformation. Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.en httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en httpd/httpd/trunk/docs/manual/mod/quickreference.html.en Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.en?rev=731089&r1=731088&r2=731089&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/directives.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/directives.html.en Sat Jan 3 13:10:27 2009 @@ -401,11 +401,7 @@
  • SessionCookieName
  • SessionCookieName2
  • SessionCookieRemove
  • -
  • SessionCryptoCertificateFile
  • -
  • SessionCryptoCertificateKeyFile
  • -
  • SessionCryptoCipher
  • -
  • SessionCryptoDigest
  • -
  • SessionCryptoEngine
  • +
  • SessionCryptoDriver
  • SessionCryptoPassphrase
  • SessionDBDCookieName
  • SessionDBDCookieName2
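Review bot: the index drops SessionCryptoCertificateFile, SessionCryptoCertificateKeyFile, SessionCryptoCipher, SessionCryptoDigest and SessionCryptoEngine and gains only SessionCryptoDriver, so an administrator who searches for one of the old names after an upgrade finds nothing. Cipher and engine selection reappear later in this commit as parameters of SessionCryptoPassphrase, but no replacement is shown for the digest or certificate directives. A short compatibility note in mod_session_crypto listing the removed directives and what, if anything, replaces each would help, since a session-encryption setting that can no longer be configured is worth calling out.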
  • Modified: httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en?rev=731089&r1=731088&r2=731089&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en Sat Jan 3 13:10:27 2009 @@ -52,11 +52,7 @@
    top
    -

    SessionCryptoCertificateFile Directive

    +

    SessionCryptoDriver Directive

    - - + + - +
    Description:The certificate used to encrypt and decrypt the session
    Syntax:SessionCryptoCertificateFile file
    Description:The crypto driver to be used to encrypt the session
    Syntax:SessionCryptoDriver name [param[=value]]
    Default:none
    Context:server config, virtual host, directory, .htaccess
    Context:server config
    Status:Extension
    Module:mod_session_crypto
    Compatibility:Available in Apache 2.3.0 and later
    -

    The SessionCryptoCertificateFile directive specifies the name - of a certificate to be used to asymmetrically encrypt the contents of the session before - writing the session, or decrypting the content of the session after reading the session.

    - -

    Changing the certificate on a server has the effect of invalidating all existing - sessions.

    - -

    If the key associated with this certificate is protected with a passphrase, the - SessionCryptoPassphrase directive - will be interpreted as the passphrase to use to decrypt the key.

    - -

    Experimental

    -

    This directive is dependent on experimental support for asymmetrical encryption - support currently available in prerelease versions of OpenSSL, and will only be - available on platforms that support it.

    -
    - +

    The SessionCryptoDriver directive specifies the name of + the crypto driver to be used for encryption. If not specified, the driver defaults + to the recommended driver compiled into APR-util.

    -
    -
    top
    -

    SessionCryptoCertificateKeyFile Directive

    - - - - - - - - -
    Description:The certificate key used to encrypt and decrypt the session
    Syntax:SessionCryptoCertificateKeyFile file
    Default:none
    Context:server config, virtual host, directory, .htaccess
    Status:Extension
    Module:mod_session_crypto
    Compatibility:Available in Apache 2.3.0 and later
    -

    The SessionCryptoCertificateKeyFile directive specifies the name - of a certificate key to be used alongside a certificate to encrypt the contents of the - session before writing the session, or decrypting the content of the session after reading - the session.

    - -

    Changing the certificate or key on a server has the effect of invalidating all existing - sessions.

    +

    The NSS crypto driver requires some parameters for configuration, + which are specified as parameters with optional values after the driver name.

    -

    If this key is protected with a passphrase, the - SessionCryptoPassphrase directive - will be interpreted as the passphrase to use to decrypt the key.

    - -

    Experimental

    -

    This directive is dependent on experimental support for asymmetrical encryption - support currently available in prerelease versions of OpenSSL, and will only be - available on platforms that support it.

    -
    - +

    NSS without a certificate database

    + SessionCryptoDriver nss +

    -
    -
    top
    -

    SessionCryptoCipher Directive

    - - - - - - - - -
    Description:The name of the cipher to use during encryption / decryption
    Syntax:SessionCryptoCipher cipher
    Default:AES256
    Context:server config, virtual host, directory, .htaccess
    Status:Extension
    Module:mod_session_crypto
    Compatibility:Available in Apache 2.3.0 and later
    -

    The SessionCryptoCipher directive specifies the name - of the cipher to use during encryption. The ciphers available will depend on the - underlying encryption toolkit on the server platform.

    +

    NSS with certificate database

    + SessionCryptoDriver nss dir=certs +

    -
    -
    top
    -

    SessionCryptoDigest Directive

    - - - - - - - - -
    Description:The name of the digest to use during encryption / decryption
    Syntax:SessionCryptoDigest cipher
    Default:SHA
    Context:server config, virtual host, directory, .htaccess
    Status:Extension
    Module:mod_session_crypto
    Compatibility:Available in Apache 2.3.0 and later
    -

    The SessionCryptoDigest directive specifies the name - of the digest to use during encryption. The list of digests available will depend - on the underlying encryption toolkit on the server platform.

    +

    NSS with certificate database and parameters

    + SessionCryptoDriver nss dir=certs key3=key3.db cert7=cert7.db secmod=secmod +

    + +

    The NSS crypto driver might have already been configured by another + part of the server, for example from mod_nss or + mod_ldap. If found to have already been configured, + a warning will be logged, and the existing configuration will have taken affect. + To avoid this warning, use the noinit parameter as follows.

    + +

    NSS with certificate database

    + SessionCryptoDriver nss noinit +

    + +

    To prevent confusion, ensure that all modules requiring NSS are configured with + identical parameters.

    -
    -
    top
    -

    SessionCryptoEngine Directive

    - - - - - - - - -
    Description:The name of the engine to use during encryption / decryption
    Syntax:SessionCryptoEngine engine
    Default:none
    Context:server config, virtual host, directory, .htaccess
    Status:Extension
    Module:mod_session_crypto
    Compatibility:Available in Apache 2.3.0 and later
    -

    The SessionCryptoEngine directive specifies the name - of the engine to use during encryption, depending on the capabilities of the - underlying encryption toolkit on the server platform.

    top
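Review bot: the added example for "SessionCryptoDriver nss noinit" carries the caption "NSS with certificate database", the same caption as the "dir=certs" example above it; it should describe the noinit case, for instance "NSS already initialised by another module". In the paragraph before it, "will have taken affect" should read "will have taken effect". The description also never lists the accepted driver names (only nss appears here, and openssl is mentioned under SessionCryptoPassphrase), nor says how to tell which driver "the recommended driver compiled into APR-util" resolves to on a given build. That matters because noinit makes session encryption depend on NSS settings chosen by mod_nss or mod_ldap.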
    @@ -214,15 +146,26 @@

    The SessionCryptoPassphrase directive specifies the key to be used to enable symmetrical encryption on the contents of the session before - writing the session, or decrypting the contents of the session after reading the session.

    + writing the session, or decrypting the contents of the session after reading the + session.

    Keys are more secure when they are long, and consist of truly random characters. Changing the key on a server has the effect of invalidating all existing sessions.

    -

    If the SessionCryptoCertificateFile - directive is set and asymmetrical encryption is enabled instead, the - SessionCryptoPassphrase directive - will be interpreted as the passphrase of the key, if the key is encrypted.

    +

    The cipher can be set to 3des192 or aes256 using the + cipher parameter as per the example below. If not set, the cipher defaults + to aes256.

    + +

    Cipher

    + SessionCryptoPassphrase secret cipher=aes256 +

    + +

    The openssl crypto driver supports an optional parameter to specify + the engine to be used for encryption.

    + +

    OpenSSL with engine support

    + SessionCryptoPassphrase secret engine=name +
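Review bot: the added cipher and engine paragraphs do not say how these parameters interact with SessionCryptoDriver. The engine parameter is described as an option of the openssl driver, but nothing states what happens when engine=name is given while the nss driver is selected, or when the active driver does not support the requested cipher. Please state whether that is a startup error or a fallback, since a fallback would change how sessions are encrypted without the administrator noticing. Both examples also use the literal passphrase "secret" directly after the text advising long, random keys; marking it as a placeholder would keep it from being copied as is.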

    Modified: httpd/httpd/trunk/docs/manual/mod/quickreference.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/quickreference.html.en?rev=731089&r1=731088&r2=731089&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/quickreference.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/quickreference.html.en Sat Jan 3 13:10:27 2009 @@ -690,11 +690,7 @@ SessionCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session SessionCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session SessionCookieRemove On|Off Off svdhEControl for whether session cookies should be removed from incoming HTTP headers -SessionCryptoCertificateFile filesvdhEThe certificate used to encrypt and decrypt the session -SessionCryptoCertificateKeyFile filesvdhEThe certificate key used to encrypt and decrypt the session -SessionCryptoCipher ciphersvdhEThe name of the cipher to use during encryption / decryption -SessionCryptoDigest ciphersvdhEThe name of the digest to use during encryption / decryption -SessionCryptoEngine enginesvdhEThe name of the engine to use during encryption / decryption +SessionCryptoDriver name [param[=value]]sEThe crypto driver to be used to encrypt the session SessionCryptoPassphrase secretsvdhEThe key used to encrypt the session SessionDBDCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session ID SessionDBDCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session ID
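Review bot: the SessionCryptoPassphrase row still gives the syntax as "SessionCryptoPassphrase secret", while the mod_session_crypto change in this same commit documents cipher= and engine= parameters on that directive. The syntax should show them as optional, in the same style as the new "SessionCryptoDriver name [param[=value]]" row. The new SessionCryptoDriver row is limited to server config ("s") while SessionCryptoPassphrase stays at "svdh"; if that split is intended, the directive text should say that the driver is chosen once per server and only the passphrase, cipher and engine vary per context. As the log describes this as a transformation update, the fix presumably belongs in the source these HTML files are generated from.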