httpd-cvs mailing list archives

From humbed...@apache.org
Subject svn commit: r1333999 - in /httpd/httpd/branches/2.4.x/docs/manual/ssl: index.xml index.xml.fr ssl_faq.xml ssl_faq.xml.fr ssl_howto.xml ssl_howto.xml.fr ssl_intro.xml ssl_intro.xml.fr
Date Fri, 04 May 2012 14:42:36 GMT
Author: humbedooh
Date: Fri May  4 14:42:35 2012
New Revision: 1333999

URL: http://svn.apache.org/viewvc?rev=1333999&view=rev
Log:
Backporting syntax highlighting and igor's changes for ssl/

Modified:
    httpd/httpd/branches/2.4.x/docs/manual/ssl/index.xml
    httpd/httpd/branches/2.4.x/docs/manual/ssl/index.xml.fr
    httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml
    httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.fr
    httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_howto.xml
    httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_howto.xml.fr
    httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_intro.xml
    httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_intro.xml.fr

Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/index.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/index.xml?rev=1333999&r1=1333998&r2=1333999&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/index.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/index.xml Fri May  4 14:42:35 2012
@@ -30,8 +30,7 @@
 provides an interface to the <a
 href="http://www.openssl.org/">OpenSSL</a> library, which provides
 Strong Encryption using the Secure Sockets Layer and Transport Layer
-Security protocols.  The module and this documentation are based on
-Ralf S. Engelschall's mod_ssl project.</p>
+Security protocols.</p>
 </summary>
 
 <section id="documentation"><title>Documentation</title>
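Review bot: The `-` lines in the summary drop the sentence crediting Ralf S. Engelschall's mod_ssl project, a content change that the log message ("syntax highlighting and igor's changes") does not describe. If the credit now lives elsewhere in the manual, say so in the log; otherwise keep the attribution sentence.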

Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/index.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/index.xml.fr?rev=1333999&r1=1333998&r2=1333999&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/index.xml.fr (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/index.xml.fr Fri May  4 14:42:35 2012
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="ISO-8859-1" ?>
 <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1070915 -->
+<!-- English Revision : 1328159 -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 
@@ -33,8 +33,7 @@ interface avec la biblioth&egrave;que <a
 href="http://www.openssl.org/">OpenSSL</a>, qui permet d'effectuer un
 chiffrement fort en s'appuyant sur les protocoles "Couche Points d'acc&egrave;s
 S&eacute;curis&eacute;s" (Secure Sockets Layer - SSL) et "S&eacute;curit&eacute;
de la Couche Transport"
-(Transport Layer Security - TLS). Le module et cette documentation sont bas&eacute;s
-sur le projet mod_ssl de Ralf S. Engelschall.</p>
+(Transport Layer Security - TLS).</p>
 </summary>
 
 <section id="documentation"><title>Documentation</title>

Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml?rev=1333999&r1=1333998&r2=1333999&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml Fri May  4 14:42:35 2012
@@ -172,11 +172,11 @@ relative hyperlinks?</a></li>
     fully-qualified hyperlinks (because you have to change the URL
     scheme).  Using <module>mod_rewrite</module> however, you can
     manipulate relative hyperlinks, to achieve the same effect.</p>
-    <example>
-    RewriteEngine on<br />
-    RewriteRule   ^/(.*)_SSL$   https://%{SERVER_NAME}/$1 [R,L]<br />
-    RewriteRule   ^/(.*)_NOSSL$ http://%{SERVER_NAME}/$1  [R,L]
-    </example>
+    <highlight language="config">
+RewriteEngine on
+RewriteRule   ^/(.*)_SSL$   https://%{SERVER_NAME}/$1 [R,L]
+RewriteRule   ^/(.*)_NOSSL$ http://%{SERVER_NAME}/$1  [R,L]
+    </highlight>
 
     <p>This rewrite ruleset lets you use hyperlinks of the form
     <code>&lt;a href="document.html_SSL"&gt;</code>, to switch to HTTPS
@@ -253,10 +253,10 @@ Certificate for testing purposes?</title
                         -keyout server.key</strong></code><br />
         These can be used as follows in your <code>httpd.conf</code>
         file:
-        <pre>
-             SSLCertificateFile    /path/to/this/server.crt
-             SSLCertificateKeyFile /path/to/this/server.key
-        </pre>
+        <highlight language="config">
+SSLCertificateFile    /path/to/this/server.crt
+SSLCertificateKeyFile /path/to/this/server.key
+        </highlight>
     </li>
     <li>It is important that you are aware that this
         <code>server.key</code> does <em>not</em> have any passphrase.
@@ -333,10 +333,10 @@ Certificate for testing purposes?</title
     <li>You should now have two files: <code>server.key</code> and
     <code>server.crt</code>. These can be used as follows in your
     <code>httpd.conf</code> file:
-       <pre>
-       SSLCertificateFile    /path/to/this/server.crt
-       SSLCertificateKeyFile /path/to/this/server.key
-       </pre>
+       <highlight language="config">
+SSLCertificateFile    /path/to/this/server.crt
+SSLCertificateKeyFile /path/to/this/server.key
+       </highlight>
        The <code>server.csr</code> file is no longer needed.
     </li>
 
@@ -605,9 +605,9 @@ error when connecting to my newly instal
     handshake is finished, but the information is needed in order to
     complete the SSL handshake phase. See the next question for how to
     circumvent this issue.</p>
-
+    
     <p>Note that if you have a wildcard SSL certificate, or a
-    certificate that has multple hostnames on it using subjectAltName
+    certificate that has multiple hostnames on it using subjectAltName
     fields, you can use SSL on name-based virtual hosts without further
     workarounds.</p>
 </section>
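Review bot: The replacement for the empty line before `<p>Note that if you have a wildcard SSL certificate` is a line of four spaces, so this hunk adds trailing whitespace alongside the "multiple" spelling fix. Leave that line empty so the whitespace-only change drops out of the diff.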
@@ -650,9 +650,9 @@ Virtual Hosting to identify different SS
     you must make sure to put the non-SSL port number on the NameVirtualHost
     directive, e.g.</p>
 
-    <example>
+    <highlight language="config">
       NameVirtualHost 192.168.1.1:80
-    </example>
+    </highlight>
 
     <p>Other workaround solutions include: </p>
 
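Review bot: `NameVirtualHost 192.168.1.1:80` keeps its six-space indent inside the new `<highlight>` element, while the other blocks converted in this file were moved to column 0; make it flush left for consistency. Since this is the 2.4.x branch, note also that NameVirtualHost is deprecated and has no effect in 2.4, so the paragraph around this example is a candidate for a follow-up rewrite.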
@@ -668,7 +668,7 @@ a negotiable standard compression method
 <p>OpenSSL 0.9.8 started to support this by default when compiled with the
 <code>zlib</code> option. If both the client and the server support compression,
 it will be used. However, most clients still try to initially connect with an
-SSLv2 Hello. As SSLv2 did not include an array of prefered compression algorithms
+SSLv2 Hello. As SSLv2 did not include an array of preferred compression algorithms
 in its handshake, compression cannot be negotiated with these clients.
 If the client disables support for SSLv2, either an SSLv3 or TLS Hello
 may be sent, depending on which SSL library is used, and compression may
@@ -702,11 +702,11 @@ Explorer (MSIE)?</title>
     keep-alive connections or send the SSL close notify messages to MSIE clients.
     This can be done by using the following directive in your SSL-aware
     virtual host section:</p>
-    <example>
-    SetEnvIf User-Agent "MSIE [2-5]" \<br />
-             nokeepalive ssl-unclean-shutdown \<br />
-             downgrade-1.0 force-response-1.0
-    </example>
+    <highlight language="config">
+SetEnvIf User-Agent "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+    </highlight>
     <p>Further, some MSIE versions have problems with particular ciphers.
     Unfortunately, it is not possible to implement a MSIE-specific
     workaround for this, because the ciphers are needed as early as the

Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.fr?rev=1333999&r1=1333998&r2=1333999&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.fr (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.fr Fri May  4 14:42:35 2012
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="ISO-8859-1" ?>
 <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English revision : 1303823 -->
+<!-- English Revision: 1328589:1330881 (outdated) -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 
@@ -644,7 +644,7 @@ l'oeuf ou de la poule. La couche du prot
 couche de protocole HTTP qu'elle encapsule. Lors de l'&eacute;tablissement d'une
 connexion SSL (HTTPS), Apache/mod_ssl doit n&eacute;gocier les param&egrave;tres
du
 protocole SSL avec le client. Pour cela, mod_ssl doit consulter la
-configuration du serveur virtuel (par exemple, il doit acc&eacute;der &agrave; la
la suite
+configuration du serveur virtuel (par exemple, il doit acc&eacute;der &agrave; la
suite
 d'algorithmes de chiffrement, au certificat du serveur, etc...). Mais afin de
 s&eacute;lectionner le bon serveur virtuel, Apache doit conna&icirc;tre le contenu
du champ
 d'en-t&ecirc;te HTTP <code>Host</code>. Pour cela, il doit lire l'en-t&ecirc;te
de la
@@ -681,7 +681,7 @@ pour diff&eacute;rencier plusieurs h&oci
     <p>Notez que si votre certificat comporte un nom de serveur avec
     caract&egrave;res g&eacute;n&eacute;riques, ou des noms de serveurs multiples
dans le
     champ subjectAltName, vous pouvez utiliser SSL avec les serveurs
-    virtuels &agrave; base de noms sans avoir &agrave; contourner ce probl&egrave;me.</p>
   
+    virtuels &agrave; base de noms sans avoir &agrave; contourner ce probl&egrave;me.</p>
 
     <p>La raison en est que le protocole SSL constitue une couche s&eacute;par&eacute;e
qui
     encapsule le protocole HTTP. Aini, la session SSL n&eacute;cessite une
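Review bot: The context line after the whitespace fix still reads `Aini, la session SSL` where `Ainsi` is meant. The paragraph is already being touched, so correct the typo in the same commit.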

Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_howto.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_howto.xml?rev=1333999&r1=1333998&r2=1333999&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_howto.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_howto.xml Fri May  4 14:42:35 2012
@@ -36,20 +36,18 @@ before progressing to the advanced techn
 <section id="configexample">
 <title>Basic Configuration Example</title>
 
-<p>Your SSL configuration will need to contain, at a minumum, the
+<p>Your SSL configuration will need to contain, at minimum, the
 following directives.</p>
 
-<example>
-   Listen 443<br />
-   &lt;VirtualHost *:443&gt;<br />
-   <indent>
-        ServerName www.example.com<br />
-        SSLEngine on<br />
-        SSLCertificateFile /path/to/www.example.com.cert<br />
-        SSLCertificateKeyFile /path/to/www.example.com.key<br />
-   </indent>
-   &lt;/VirtualHost&gt;
-</example>
+<highlight language="config">
+Listen 443
+&lt;VirtualHost *:443&gt;
+    ServerName www.example.com
+    SSLEngine on
+    SSLCertificateFile /path/to/www.example.com.cert
+    SSLCertificateKeyFile /path/to/www.example.com.key
+&lt;/VirtualHost&gt;
+</highlight>
 
 </section>
 
@@ -65,18 +63,18 @@ requires a strong cipher for access to a
 <title>How can I create an SSL server which accepts strong encryption
 only?</title>
     <p>The following enables only the strongest ciphers:</p>
-    <example><title>httpd.conf</title>
-      SSLCipherSuite HIGH:!aNULL:!MD5<br />
-    </example>
+    <highlight language="config">
+      SSLCipherSuite HIGH:!aNULL:!MD5
+    </highlight>
 
     <p>While with the following configuration you specify a preference
     for specific speed-optimized ciphers (which will be selected by
     mod_ssl, provided that they are supported by the client):</p>
 
-    <example><title>httpd.conf</title>
-      SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5<br />
-      SSLHonorCipherOrder on
-    </example>
+    <highlight language="config">
+SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
+SSLHonorCipherOrder on
+    </highlight>
 </section>
 
 <section id="strongurl">
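Review bot: In the second block, `SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5` together with `SSLHonorCipherOrder on` makes the server select RC4 whenever a client offers it, and RC4 has since been prohibited for TLS by RFC 7465; the "speed-optimized" example should lead with an AES suite instead. Separately, the first block keeps its six-space indent (`      SSLCipherSuite HIGH:!aNULL:!MD5`) while the second is flush left, and both lose the `httpd.conf` title that told readers which file the directives belong in.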
@@ -90,16 +88,16 @@ URL?</title>
     blocks, to give a per-directory solution, and can automatically force
     a renegotiation of the SSL parameters to meet the new configuration.
     This can be done as follows:</p>
-    <example>
-      # be liberal in general<br />
-      SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<br />
-      <br />
-      &lt;Location /strong/area&gt;<br />
-      # but https://hostname/strong/area/ and below<br />
-      # requires strong ciphers<br />
-      SSLCipherSuite HIGH:!aNULL:!MD5<br />
-      &lt;/Location&gt;
-    </example>
+    <highlight language="config">
+# be liberal in general
+SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
+
+&lt;Location /strong/area&gt;
+# but https://hostname/strong/area/ and below
+# requires strong ciphers
+SSLCipherSuite HIGH:!aNULL:!MD5
+&lt;/Location&gt;
+    </highlight>
 </section>
 </section>
 <!-- /ciphersuites -->
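Review bot: The "be liberal in general" line drops `+SSLv2` but still ends in `+LOW:+EXP:+eNULL`, so the server-wide default in this example continues to offer low-strength, export-grade and NULL-encryption suites everywhere outside `/strong/area`. If the intent is to stop documenting obsolete options, remove those as well. The cipher-string edit is also more than a markup conversion and should be mentioned in the log.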
@@ -125,13 +123,13 @@ Intranet website, for clients coming fro
     need to do is to create client certificates signed by your own CA
     certificate (<code>ca.crt</code>) and then verify the clients against this
     certificate.</p>
-    <example><title>httpd.conf</title>
-      # require a client certificate which has to be directly<br />
-      # signed by our CA certificate in ca.crt<br />
-      SSLVerifyClient require<br />
-      SSLVerifyDepth 1<br />
-      SSLCACertificateFile conf/ssl.crt/ca.crt
-    </example>
+    <highlight language="config">
+# require a client certificate which has to be directly
+# signed by our CA certificate in ca.crt
+SSLVerifyClient require
+SSLVerifyDepth 1
+SSLCACertificateFile conf/ssl.crt/ca.crt
+    </highlight>
 </section>
 
 <section id="arbitraryclients">
@@ -142,15 +140,15 @@ Intranet website, for clients coming fro
     you can use the per-directory reconfiguration features of
     <module>mod_ssl</module>:</p>
 
-    <example><title>httpd.conf</title>
-    SSLVerifyClient none<br />
-    SSLCACertificateFile conf/ssl.crt/ca.crt<br />
-    <br />
-    &lt;Location /secure/area&gt;<br />
-    SSLVerifyClient require<br />
-    SSLVerifyDepth 1<br />
-    &lt;/Location&gt;<br />
-    </example>
+    <highlight language="config">
+SSLVerifyClient none
+SSLCACertificateFile conf/ssl.crt/ca.crt
+
+&lt;Location /secure/area&gt;
+SSLVerifyClient require
+SSLVerifyDepth 1
+&lt;/Location&gt;
+    </highlight>
 </section>
 
 <section id="certauthenticate">
@@ -169,23 +167,22 @@ Intranet website, for clients coming fro
     you should establish a password database containing <em>all</em>
     clients allowed, as follows:</p>
 
-    <example><title>httpd.conf</title><pre>
+    <highlight language="config">
 SSLVerifyClient      none
 &lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
-
-SSLVerifyClient      require
-SSLVerifyDepth       5
-SSLCACertificateFile conf/ssl.crt/ca.crt
-SSLCACertificatePath conf/ssl.crt
-SSLOptions           +FakeBasicAuth
-SSLRequireSSL
-AuthName             "Snake Oil Authentication"
-AuthType             Basic
-AuthBasicProvider    file
-AuthUserFile         /usr/local/apache2/conf/httpd.passwd
-Require              valid-user
-&lt;/Directory&gt;</pre>
-    </example>
+    SSLVerifyClient      require
+    SSLVerifyDepth       5
+    SSLCACertificateFile conf/ssl.crt/ca.crt
+    SSLCACertificatePath conf/ssl.crt
+    SSLOptions           +FakeBasicAuth
+    SSLRequireSSL
+    AuthName             "Snake Oil Authentication"
+    AuthType             Basic
+    AuthBasicProvider    file
+    AuthUserFile         /usr/local/apache2/conf/httpd.passwd
+    Require              valid-user
+&lt;/Directory&gt;
+    </highlight>
 
     <p>The password used in this example is the DES encrypted string "password".
     See the <directive module="mod_ssl">SSLOptions</directive> docs for more
@@ -202,10 +199,9 @@ Require              valid-user
     >SSLRequire</directive>, as follows:</p>
 
 
-    <example><title>httpd.conf</title><pre>
+    <highlight language="config">
 SSLVerifyClient      none
 &lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
-
   SSLVerifyClient      require
   SSLVerifyDepth       5
   SSLCACertificateFile conf/ssl.crt/ca.crt
@@ -214,8 +210,8 @@ SSLVerifyClient      none
   SSLRequireSSL
   SSLRequire       %{SSL_CLIENT_S_DN_O}  eq "Snake Oil, Ltd." \
                and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}
-&lt;/Directory&gt;</pre>
-    </example>
+&lt;/Directory&gt;
+    </highlight>
 </section>
 
 <section id="intranet">
@@ -230,50 +226,50 @@ plain HTTP access for clients on the Int
    This configuration should remain outside of your HTTPS virtual host, so
    that it applies to both HTTPS and HTTP.</p>
 
-    <example><title>httpd.conf</title><pre>
+    <highlight language="config">
 SSLCACertificateFile conf/ssl.crt/company-ca.crt
 
 &lt;Directory /usr/local/apache2/htdocs&gt;
-#   Outside the subarea only Intranet access is granted
-Order                deny,allow
-Deny                 from all
-Allow                from 192.168.1.0/24
+    #   Outside the subarea only Intranet access is granted
+    Order                deny,allow
+    Deny                 from all
+    Allow                from 192.168.1.0/24
 &lt;/Directory&gt;
 
 &lt;Directory /usr/local/apache2/htdocs/subarea&gt;
-#   Inside the subarea any Intranet access is allowed
-#   but from the Internet only HTTPS + Strong-Cipher + Password
-#   or the alternative HTTPS + Strong-Cipher + Client-Certificate
-
-#   If HTTPS is used, make sure a strong cipher is used.
-#   Additionally allow client certs as alternative to basic auth.
-SSLVerifyClient      optional
-SSLVerifyDepth       1
-SSLOptions           +FakeBasicAuth +StrictRequire
-SSLRequire           %{SSL_CIPHER_USEKEYSIZE} &gt;= 128
-
-#   Force clients from the Internet to use HTTPS
-RewriteEngine        on
-RewriteCond          %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
-RewriteCond          %{HTTPS} !=on
-RewriteRule          . - [F]
-
-#   Allow Network Access and/or Basic Auth
-Satisfy              any
-
-#   Network Access Control
-Order                deny,allow
-Deny                 from all
-Allow                192.168.1.0/24
-
-#   HTTP Basic Authentication
-AuthType             basic
-AuthName             "Protected Intranet Area"
-AuthBasicProvider    file
-AuthUserFile         conf/protected.passwd
-Require              valid-user
-&lt;/Directory&gt;</pre>
-    </example>
+    #   Inside the subarea any Intranet access is allowed
+    #   but from the Internet only HTTPS + Strong-Cipher + Password
+    #   or the alternative HTTPS + Strong-Cipher + Client-Certificate
+    
+    #   If HTTPS is used, make sure a strong cipher is used.
+    #   Additionally allow client certs as alternative to basic auth.
+    SSLVerifyClient      optional
+    SSLVerifyDepth       1
+    SSLOptions           +FakeBasicAuth +StrictRequire
+    SSLRequire           %{SSL_CIPHER_USEKEYSIZE} &gt;= 128
+    
+    #   Force clients from the Internet to use HTTPS
+    RewriteEngine        on
+    RewriteCond          %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
+    RewriteCond          %{HTTPS} !=on
+    RewriteRule          . - [F]
+    
+    #   Allow Network Access and/or Basic Auth
+    Satisfy              any
+    
+    #   Network Access Control
+    Order                deny,allow
+    Deny                 from all
+    Allow                192.168.1.0/24
+    
+    #   HTTP Basic Authentication
+    AuthType             basic
+    AuthName             "Protected Intranet Area"
+    AuthBasicProvider    file
+    AuthUserFile         conf/protected.passwd
+    Require              valid-user
+&lt;/Directory&gt;
+    </highlight>
 </section>
 </section>
 <!-- /access control -->
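Review bot: In the subarea block, `Allow                192.168.1.0/24` is missing the `from` keyword; the first `<Directory>` block has the correct form, `Allow                from 192.168.1.0/24`. The mistake is carried over from the removed lines, but the line is rewritten here, so fix it now: the `Satisfy any` logic depends on this network rule being valid. The re-indentation also turns several empty lines into whitespace-only lines (`+    `), which should stay empty.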

Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_howto.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_howto.xml.fr?rev=1333999&r1=1333998&r2=1333999&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_howto.xml.fr (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_howto.xml.fr Fri May  4 14:42:35 2012
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="ISO-8859-1" ?>
 <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1203753 -->
+<!-- English Revision: 1328589:1330881 (outdated) -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 
@@ -105,7 +105,7 @@ acc&eacute;der &agrave; une URL particul
     Cette configuration peut se pr&eacute;senter comme suit :</p>
     <example>
       # soyons tr&egrave;s tol&eacute;rant a priori<br />
-      SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<br />
+      SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL<br />
       <br />
       &lt;Location /strong/area&gt;<br />
       # sauf pour https://hostname/strong/area/ et ses sous-r&eacute;pertoires<br
/>

Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_intro.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_intro.xml?rev=1333999&r1=1333998&r2=1333999&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_intro.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_intro.xml Fri May  4 14:42:35 2012
@@ -26,14 +26,6 @@
   <title>SSL/TLS Strong Encryption: An Introduction</title>
 
 <summary>
-<blockquote>
-<p>The nice thing about standards is that there are so many to choose
-from. And if you really don't like all the standards you just have to
-wait another year until the one arises you are looking for.</p>
-
-<p class="cite">-- <cite>A. Tanenbaum</cite>, "Introduction to
-Computer Networks"</p>
-</blockquote>
 
 <p>As an introduction this chapter is aimed at readers who are familiar
 with the Web, HTTP, and Apache, but are not security experts. It is not
@@ -43,20 +35,6 @@ important legal issues of patents and im
 Rather, it is intended to provide a common background to <module
 >mod_ssl</module> users by pulling together various concepts, definitions,
 and examples as a starting point for further exploration.</p>
-
-<p>The presented content is mainly derived, with the author's permission,
-from the article <a
-href="http://home.comcast.net/~fjhirsch/Papers/wwwj/">Introducing
-SSL and Certificates using SSLeay</a> by <a
-href="http://home.comcast.net/~fjhirsch/">Frederick J. Hirsch</a>, of The
-Open Group Research Institute, which was published in <a
-href="http://www.ora.com/catalog/wjsum97/">Web Security: A Matter of
-Trust</a>, World Wide Web Journal, Volume 2, Issue 3, Summer 1997.
-Please send any positive feedback to <a
-href="mailto:hirsch@fjhirsch.com">Frederick Hirsch</a> (the original
-article author) and all negative feedback to <a
-href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> (the
-<module>mod_ssl</module> author).</p>
 </summary>
 
 <section id="cryptographictech">
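Review bot: The removed paragraph states that the content is "mainly derived, with the author's permission," from Frederick J. Hirsch's article, and nothing in this hunk replaces that credit. Dropping the stale links and e-mail addresses is reasonable, but keep a one-sentence citation of the source article unless the derived text is removed as well.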
@@ -262,7 +240,7 @@ certificates are used for authentication
     as <code>*.snakeoil.com</code>.</p>
 
     <p>The binary format of a certificate is defined using the ASN.1
-    notation [<a href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>].
This
+    notation [<a href="#ASN1">ASN1</a>] [<a href="#PKCS">PKCS</a>].
This
     notation defines how to specify the contents and encoding rules
     define how this information is translated into binary form. The binary
     encoding of the certificate is defined using Distinguished Encoding
@@ -409,8 +387,7 @@ establishing a protocol session.</p>
         <th>Description</th>
         <th>Browser Support</th></tr>
     <tr><td>SSL v2.0</td>
-        <td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2"
-        >SSL2</a>]</td>
+        <td>Vendor Standard (from Netscape Corp.)</td>
         <td>First SSL protocol for which implementations exist</td>
         <td>- NS Navigator 1.x/2.x<br />
         - MS IE 3.x<br />
@@ -430,6 +407,18 @@ establishing a protocol session.</p>
         padding for block ciphers, message order standardization and more
         alert messages.</td>
         <td>- Lynx/2.8+OpenSSL</td></tr>
+    <tr><td>TLS v1.1</td>
+        <td>Proposed Internet Standard (from IETF) [<a href="#TLS11"
+        >TLS11</a>]</td>
+        <td>Update of TLS 1.0 to add protection against Cipher block chaining
+        (CBC) attacks.</td>
+        <td>-</td></tr>
+    <tr><td>TLS v1.2</td>
+        <td>Proposed Internet Standard (from IETF) [<a href="#TLS12"
+        >TLS12</a>]</td>
+        <td>Update of TLS 1.2 deprecating MD5 as hash, and adding incompatibility
+        to SSL so it will never negotiate the use of SSLv2.</td>
+        <td>-</td></tr>
     </table>
 </section>
 
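Review bot: The new TLS v1.2 row describes itself as "Update of TLS 1.2"; it should read "Update of TLS 1.1". In the TLS v1.1 row, "Cipher block chaining" is capitalised mid-sentence; write "cipher block chaining (CBC)".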
@@ -461,7 +450,7 @@ the Internet Engineering Task Force (IET
     to start a session. To do this, the server assigns each SSL session a
     unique session identifier which is cached in the server and which the
     client can use in future connections to reduce the handshake time
-    (until the session identifer expires from the cache of the server).</p>
+    (until the session identifier expires from the cache of the server).</p>
     </note>
 
     <p class="figure">
@@ -635,18 +624,17 @@ the Internet Engineering Task Force (IET
 >http://www.counterpane.com/</a> for various other materials by Bruce
 Schneier.</dd>
 
-<dt><a id="X208" name="X208">[X208]</a></dt>
+<dt><a id="ASN1" name="ASN1">[ASN1]</a></dt>
 <dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation
-One (ASN.1)</q>, 1988. See for instance <a
-href="http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I"
->http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I</a>.
+One (ASN.1)</q>, last updated 2008. See <a href="http://www.itu.int/ITU-T/asn1/"
+>http://www.itu.int/ITU-T/asn1/</a>.
 </dd>
 
 <dt><a id="X509" name="X509">[X509]</a></dt>
 <dd>ITU-T Recommendation X.509, <q>The Directory - Authentication
-Framework</q>. See for instance <a
-href="http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509"
->http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509</a>.
+Framework</q>. For references, see <a
+href="http://en.wikipedia.org/wiki/X.509"
+>http://en.wikipedia.org/wiki/X.509</a>.
 </dd>
 
 <dt><a id="PKCS" name="PKCS">[PKCS]</a></dt>
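Review bot: The renamed [ASN1] entry still titles the document "ITU-T Recommendation X.208" but now dates it "last updated 2008"; X.208 is the 1988 text (as the removed line said), and the current ASN.1 specification is the X.680 series. Either keep "1988" with X.208 or cite X.680 with the new date. The [X509] entry also replaces the ITU link with a Wikipedia page, where a primary source would be preferable in a reference list.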
@@ -658,13 +646,8 @@ href="http://www.rsasecurity.com/rsalabs
 <dt><a id="MIME" name="MIME">[MIME]</a></dt>
 <dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions
 (MIME) Part One: Format of Internet Message Bodies</q>, RFC2045.
-See for instance <a href="http://ietf.org/rfc/rfc2045.txt"
->http://ietf.org/rfc/rfc2045.txt</a>.</dd>
-
-<dt><a id="SSL2" name="SSL2">[SSL2]</a></dt>
-<dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a
-href="http://www.netscape.com/eng/security/SSL_2.html"
->http://www.netscape.com/eng/security/SSL_2.html</a>.</dd>
+See for instance <a href="http://tools.ietf.org/html/rfc2045"
+>http://tools.ietf.org/html/rfc2045</a>.</dd>
 
 <dt><a id="SSL3" name="SSL3">[SSL3]</a></dt>
 <dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol
@@ -676,6 +659,16 @@ href="http://www.netscape.com/eng/ssl3/d
 <dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>,
 1999. See <a href="http://ietf.org/rfc/rfc2246.txt"
 >http://ietf.org/rfc/rfc2246.txt</a>.</dd>
+
+<dt><a id="TLS11" name="TLS11">[TLS11]</a></dt>
+<dd><q>The TLS Protocol Version 1.1</q>,
+2006. See <a href="http://tools.ietf.org/html/rfc4346"
+>http://tools.ietf.org/html/rfc4346</a>.</dd>
+
+<dt><a id="TLS12" name="TLS12">[TLS12]</a></dt>
+<dd><q>The TLS Protocol Version 1.2</q>,
+2008. See <a href="http://tools.ietf.org/html/rfc5246"
+>http://tools.ietf.org/html/rfc5246</a>.</dd>
 </dl>
 </section>
 <!-- /references -->
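Review bot: The new [TLS11] and [TLS12] entries give no authors, unlike [TLS1] just above ("Tim Dierks, Christopher Allen"); add them (T. Dierks and E. Rescorla for both RFC 4346 and RFC 5246). The new entries link to tools.ietf.org/html while [TLS1] still uses ietf.org/rfc/rfc2246.txt, so settle on one URL form for the RFC references.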

Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_intro.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_intro.xml.fr?rev=1333999&r1=1333998&r2=1333999&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_intro.xml.fr (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_intro.xml.fr Fri May  4 14:42:35 2012
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="ISO-8859-1" ?>
 <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 713605:1174747 (outdated) -->
+<!-- English revision : 1328589 -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 
@@ -28,14 +28,6 @@
   <title>Chiffrement SSL/TLS fort :  Introduction</title>
 
 <summary>
-<blockquote>
-<p>Ce qui est agr&eacute;able avec les standards est d'avoir l'embarras du choix.
Et
-si certains standards ne vous conviennent pas vraiment, il vous suffit
-d'attendre un an pour voir appara&icirc;tre celui qui r&eacute;pondra &agrave;
vos attentes.</p>
-
-<p class="cite">-- <cite>A. Tanenbaum</cite>, "Introduction to
-Computer Networks"</p>
-</blockquote>
 
 <p>Ce chapitre en guise d'introduction est destin&eacute; aux lecteurs pour lesquels
 le Web, HTTP et Apache sont familiers, mais ne sont pas des experts en mati&egrave;re
@@ -47,19 +39,6 @@ une base de travail pour les utilisateur
 rassemblant diff&eacute;rents concepts, d&eacute;finitions et exemples comme point
de d&eacute;part
 pour une exploration plus d&eacute;taill&eacute;e.</p>
 
-<p>Le contenu s'inspire en grande partie, avec la permission de l'auteur,
-de l'article <a
-href="http://home.comcast.net/~fjhirsch/Papers/wwwj/">Introducing
-SSL and Certificates using SSLeay</a> de <a
-href="http://home.comcast.net/~fjhirsch/">Frederick J. Hirsch</a>, de
-l'Open Group Research Institute, publi&eacute; dans <a
-href="http://www.ora.com/catalog/wjsum97/">Web Security: A Matter of
-Trust</a>, World Wide Web Journal, Volume 2, Issue 3, Summer 1997. Vous
-pouvez envoyer toute remarque positive &agrave; <a
-href="mailto:hirsch@fjhirsch.com">Frederick Hirsch</a> (l'auteur de l'article
-original) et toute remarque n&eacute;gative &agrave; <a
-href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> (l'auteur du module
-<module>mod_ssl</module>).</p>
 </summary>
 
 <section id="cryptographictech">
@@ -280,7 +259,7 @@ on utilise les certificats &agrave; des 
     <code>*.snakeoil.com</code>.</p>
 
     <p>Le format binaire d'un certificat est d&eacute;fini en utilisant la
-    notation ASN.1 [<a href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>].
+    notation ASN.1 [<a href="#ASN1">ASN1</a>] [<a href="#PKCS">PKCS</a>].
     Cette notation definit la mani&egrave;re de sp&eacute;cifier les contenus, et
les r&egrave;gles
     d'encodage d&eacute;finissent la mani&egrave;re dont ces information sont converties
au
     format binaire. L'encodage binaire du certificat est d&eacute;fini par les R&egrave;gles
@@ -437,8 +416,7 @@ l'&eacute;tablissement de la session pro
         <th>Description</th>
         <th>Navigateurs support&eacute;s</th></tr>
     <tr><td>SSL v2.0</td>
-        <td>Standard du fournisseur (de Netscape Corp.) [<a href="#SSL2"
-        >SSL2</a>]</td>
+        <td>Standard du fournisseur (de Netscape Corp.)</td>
         <td>Premier protocole SSL pour lequel il existe des impl&eacute;mentations</td>
         <td>- NS Navigator 1.x/2.x<br />
         - MS IE 3.x<br />
@@ -459,6 +437,19 @@ l'&eacute;tablissement de la session pro
 	ajout du bourrage de bloc pour le chiffrement de bloc, standardisation
 	de l'ordonnancement des messages et plus de messages d'alerte.</td>
         <td>- Lynx/2.8+OpenSSL</td></tr>
+	<tr><td>TLS v1.1</td>
+        <td>Standard propos&eacute; pour l'Internet (de l'IETF) [<a href="#TLS11"
+        >TLS11</a>]</td>
+        <td>Mise &agrave; jour de TLS 1.0 pour la protection contre les
+	attaques de type Cipher block chaining (CBC).</td>
+        <td>-</td></tr>
+    <tr><td>TLS v1.2</td>
+        <td>Standard propos&eacute; pour l'Internet (de l'IETF) [<a href="#TLS12"
+        >TLS12</a>]</td>
+        <td>Mise &agrave; jour de TLS 1.2 rendant les condens&eacute;s MD5
obsol&egrave;tes,
+	et introduisant une incompatibilit&eacute; avec SSL ce qui interdit toute
+	n&eacute;gociation en vue d'une utilisation de SSLv2.</td>
+        <td>-</td></tr>
     </table>
 </section>
 
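Review bot: in the added TLS v1.2 row the description begins "Mise &agrave; jour de TLS 1.2", which describes the version as an update of itself; following the pattern of the TLS v1.1 row ("Mise &agrave; jour de TLS 1.0") it should read "Mise &agrave; jour de TLS 1.1". The first added <tr> is indented with a tab while the second uses four spaces like the existing rows, so use spaces for both. Both rows leave the supported-browsers cell as "-", which gives readers nothing to go on when deciding whether these versions can be required.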
@@ -685,18 +676,16 @@ l'Internet Engineering Task Force (IETF)
 >http://www.counterpane.com/</a> pour diverses autres productions de Bruce
 Schneier.</dd>
 
-<dt><a id="X208" name="X208">[X208]</a></dt>
+<dt><a id="ASN1" name="ASN1">[ASN1]</a></dt>
 <dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation
-One (ASN.1)</q>, 1988. Voir par exemple <a
-href="http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I"
->http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I</a>.
+One (ASN.1)</q>, derni&egrave;re mise &agrave; jour en 2008. Voir <a
+href="http://www.itu.int/ITU-T/asn1/">http://www.itu.int/ITU-T/asn1/</a>.
 </dd>
 
 <dt><a id="X509" name="X509">[X509]</a></dt>
 <dd>ITU-T Recommendation X.509, <q>The Directory - Authentication
-Framework</q>. Voir par exemple <a
-href="http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509"
->http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509</a>.
+Framework</q>. A titre de r&eacute;f&eacute;rence, voir <a
+href="http://en.wikipedia.org/wiki/X.509">http://en.wikipedia.org/wiki/X.509</a>.
 </dd>
 
 <dt><a id="PKCS" name="PKCS">[PKCS]</a></dt>
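Review bot: the [ASN1] entry still names "ITU-T Recommendation X.208" while the date changes from 1988 to "derni&egrave;re mise &agrave; jour en 2008" and the link now points at the general ASN.1 page, so the cited document, its date and its URL no longer describe the same thing. Either name the recommendation that was actually updated in 2008 or keep X.208 with its 1988 date. For [X509], a Wikipedia article replaces the ITU link as the reference for a standard; a link to the recommendation itself is the more stable citation.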
@@ -708,13 +697,8 @@ href="http://www.rsasecurity.com/rsalabs
 <dt><a id="MIME" name="MIME">[MIME]</a></dt>
 <dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions
 (MIME) Part One: Format of Internet Message Bodies</q>, RFC2045.
-Voir par exemple <a href="http://ietf.org/rfc/rfc2045.txt"
->http://ietf.org/rfc/rfc2045.txt</a>.</dd>
-
-<dt><a id="SSL2" name="SSL2">[SSL2]</a></dt>
-<dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a
-href="http://www.netscape.com/eng/security/SSL_2.html"
->http://www.netscape.com/eng/security/SSL_2.html</a>.</dd>
+Voir par exemple <a
+href="http://tools.ietf.org/html/rfc2045">http://tools.ietf.org/html/rfc2045</a>.</dd>
 
 <dt><a id="SSL3" name="SSL3">[SSL3]</a></dt>
 <dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol
@@ -726,6 +710,16 @@ href="http://www.netscape.com/eng/ssl3/d
 <dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>,
 1999. Voir <a href="http://ietf.org/rfc/rfc2246.txt"
 >http://ietf.org/rfc/rfc2246.txt</a>.</dd>
+
+<dt><a id="TLS11" name="TLS11">[TLS11]</a></dt>
+<dd><q>Le protocole TLS Version 1.1</q>,
+2006. Voir <a href="http://tools.ietf.org/html/rfc4346"
+>http://tools.ietf.org/html/rfc4346</a>.</dd>
+
+<dt><a id="TLS12" name="TLS12">[TLS12]</a></dt>
+<dd><q>Le protocole TLS Version 1.2</q>,
+2008. Voir <a href="http://tools.ietf.org/html/rfc5246"
+>http://tools.ietf.org/html/rfc5246</a>.</dd>
 </dl>
 </section>
 <!-- /references -->
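Review bot: the new [TLS11] and [TLS12] entries give no authors and translate the title inside <q> ("Le protocole TLS Version 1.1"), while the [TLS10] entry in the context just above lists its authors and keeps the published English title; cite the two RFCs the same way. The added links use tools.ietf.org/html/ whereas [TLS10] still points at ietf.org/rfc/rfc2246.txt, so the reference list ends up with two URL styles for the same kind of document.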


