httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1509872 - /httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
Date Fri, 02 Aug 2013 21:40:51 GMT
Author: sf
Date: Fri Aug  2 21:40:51 2013
New Revision: 1509872

URL: http://svn.apache.org/r1509872
Log:
Mention ECC support

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=1509872&r1=1509871&r2=1509872&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Fri Aug  2 21:40:51 2013
@@ -297,12 +297,12 @@ query can be done in two ways which can 
     Here an external program is configured which is called at startup for each
     encrypted Private Key file. It is called with two arguments (the first is
     of the form ``<code>servername:portnumber</code>'', the second is either
-    ``<code>RSA</code>'' or ``<code>DSA</code>''), which indicate
for which
-    server and algorithm it has to print the corresponding Pass Phrase to
-    <code>stdout</code>. The intent is that this external program first runs
-    security checks to make sure that the system is not compromised by an
-    attacker, and only when these checks were passed successfully it provides
-    the Pass Phrase.</p>
+    ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''),
which
+    indicate for which server and algorithm it has to print the corresponding
+    Pass Phrase to <code>stdout</code>.  The intent is that this external
+    program first runs security checks to make sure that the system is not
+    compromised by an attacker, and only when these checks were passed
+    successfully it provides the Pass Phrase.</p>
     <p>
     Both these security checks, and the way the Pass Phrase is determined, can
     be as complex as you like. Mod_ssl just defines the interface: an
@@ -803,8 +803,8 @@ This directive points to the PEM-encoded
 optionally also to the corresponding RSA or DSA Private Key file for it
 (contained in the same file). If the contained Private Key is encrypted the
 Pass Phrase dialog is forced at startup time. This directive can be used up to
-two times (referencing different filenames) when both a RSA and a DSA based
-server certificate is used in parallel.</p>
+three times (referencing different filenames) when both a RSA, a DSA, and an
+ECC based server certificate is used in parallel.</p>
 <example><title>Example</title>
 <highlight language="config">
 SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
@@ -831,8 +831,8 @@ contains both the Certificate and the Pr
 not be used. But we strongly discourage this practice.  Instead we
 recommend you to separate the Certificate and the Private Key. If the
 contained Private Key is encrypted, the Pass Phrase dialog is forced
-at startup time. This directive can be used up to two times
-(referencing different filenames) when both a RSA and a DSA based
+at startup time. This directive can be used up to three times
+(referencing different filenames) when both a RSA, a DSA, and an ECC based
 private key is used in parallel.</p>
 <example><title>Example</title>
 <highlight language="config">



Mime
View raw message