<code>aNULL</code>, <code>eNULL</code> and <code>EXP</code> ciphers are always disabled

Return-Path: X-Original-To: apmail-httpd-cvs-archive@www.apache.org Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EE9E7105C3 for ; Sun, 15 Feb 2015 10:57:07 +0000 (UTC) Received: (qmail 46304 invoked by uid 500); 15 Feb 2015 10:47:00 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 21098 invoked by uid 500); 15 Feb 2015 10:46:46 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 150 invoked by uid 99); 15 Feb 2015 09:16:33 -0000 Received: from eris.apache.org (HELO hades.apache.org) (140.211.11.105) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 15 Feb 2015 09:16:33 +0000 Received: from hades.apache.org (localhost [127.0.0.1]) by hades.apache.org (ASF Mail Server at hades.apache.org) with ESMTP id 5EE32AC0154 for ; Sun, 15 Feb 2015 09:16:33 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1659902 - /httpd/httpd/trunk/docs/manual/mod/ Date: Sun, 15 Feb 2015 09:16:32 -0000 To: cvs@httpd.apache.org From: jailletc36@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20150215091633.5EE32AC0154@hades.apache.org> Author: jailletc36 Date: Sun Feb 15 09:16:31 2015 New Revision: 1659902 URL: http://svn.apache.org/r1659902 Log: Synch some compatibility notes with 2.4.x Modified: httpd/httpd/trunk/docs/manual/mod/core.html.en httpd/httpd/trunk/docs/manual/mod/core.xml httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml httpd/httpd/trunk/docs/manual/mod/mod_auth_form.html.en httpd/httpd/trunk/docs/manual/mod/mod_auth_form.xml httpd/httpd/trunk/docs/manual/mod/mod_authn_socache.html.en httpd/httpd/trunk/docs/manual/mod/mod_authn_socache.xml httpd/httpd/trunk/docs/manual/mod/mod_cache_socache.html.en httpd/httpd/trunk/docs/manual/mod/mod_cache_socache.xml httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.en httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Modified: httpd/httpd/trunk/docs/manual/mod/core.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.html.en?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/core.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/core.html.en Sun Feb 15 09:16:31 2015 @@ -465,7 +465,7 @@ NoDecode option available in 2.3.12 and (AddDescription, AddIcon, AddIconByEncoding, AddIconByType, - DefaultIcon, DirectoryIndex, , FallbackResource,FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, + DefaultIcon, DirectoryIndex, FallbackResource, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, etc.).

Limit

@@ -3158,6 +3158,7 @@ resource Context:server config, virtual host Status:Core Module:core +Compatibility:2.4.10 and later

This directive controls whether HTTP trailers are copied into the internal representation of HTTP headers. This mergeing occurs when the Modified: httpd/httpd/trunk/docs/manual/mod/core.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/core.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/core.xml Sun Feb 15 09:16:31 2015 @@ -393,8 +393,8 @@ NoDecode option available in 2.3.12 and module="mod_autoindex">AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, , FallbackResource,DirectoryIndex, FallbackResource, FancyIndexing, HeaderName, IndexIgnore, MergeTrailers [on|off] MergeTrailers off server configvirtual host +2.4.10 and later

This directive controls whether HTTP trailers are copied into the Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en Sun Feb 15 09:16:31 2015 @@ -95,6 +95,7 @@ username and password Override:AuthConfig Status:Base Module:mod_auth_basic +Compatibility:Apache HTTP Server 2.4.5 and later

The username and password specified are combined into an Authorization header, which is passed to the server or service @@ -191,6 +192,7 @@ Digest Authentication was in force inste Override:AuthConfig Status:Base Module:mod_auth_basic +Compatibility:Apache HTTP Server 2.4.7 and later

Normally, when using Basic Authentication, the providers listed in AuthBasicProvider Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml Sun Feb 15 09:16:31 2015 @@ -118,7 +118,7 @@ username and password directory.htaccess AuthConfig - +Apache HTTP Server 2.4.5 and later

The username and password specified are combined into an Authorization header, which is passed to the server or service @@ -190,6 +190,7 @@ Digest Authentication was in force inste directory.htaccess AuthConfig +Apache HTTP Server 2.4.7 and later

Normally, when using Basic Authentication, the providers listed in Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_form.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_form.html.en?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_auth_form.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_auth_form.html.en Sun Feb 15 09:16:31 2015 @@ -455,7 +455,8 @@ lower level modules Context:directory Status:Base Module:mod_auth_form -Compatibility:Available in Apache HTTP Server 2.3.0 and later +Compatibility:Available in Apache HTTP Server 2.3.0 and later. The use of the expression +parser has been added in 2.4.4.

The AuthFormLoginRequiredLocation directive specifies the URL to redirect to should the user not be authorised to view a page. The value @@ -478,7 +479,8 @@ lower level modules Context:directory Status:Base Module:mod_auth_form -Compatibility:Available in Apache HTTP Server 2.3.0 and later +Compatibility:Available in Apache HTTP Server 2.3.0 and later. The use of the expression +parser has been added in 2.4.4.

The AuthFormLoginSuccessLocation directive specifies the URL to redirect to should the user have logged in successfully. The value is @@ -500,7 +502,8 @@ lower level modules Context:directory Status:Base Module:mod_auth_form -Compatibility:Available in Apache HTTP Server 2.3.0 and later +Compatibility:Available in Apache HTTP Server 2.3.0 and later. The use of the expression +parser has been added in 2.4.4.

The AuthFormLogoutLocation directive specifies the URL of a page on the server to redirect to should the user attempt to log Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_form.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_form.xml?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_auth_form.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_auth_form.xml Sun Feb 15 09:16:31 2015 @@ -554,7 +554,8 @@ lower level modules none directory -Available in Apache HTTP Server 2.3.0 and later +Available in Apache HTTP Server 2.3.0 and later. The use of the expression +parser has been added in 2.4.4.

The AuthFormLoginRequiredLocation directive @@ -577,7 +578,8 @@ lower level modules none directory -Available in Apache HTTP Server 2.3.0 and later +Available in Apache HTTP Server 2.3.0 and later. The use of the expression +parser has been added in 2.4.4.

The AuthFormLoginSuccessLocation directive @@ -618,7 +620,8 @@ lower level modules none directory -Available in Apache HTTP Server 2.3.0 and later +Available in Apache HTTP Server 2.3.0 and later. The use of the expression +parser has been added in 2.4.4.

The AuthFormLogoutLocation directive Modified: httpd/httpd/trunk/docs/manual/mod/mod_authn_socache.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authn_socache.html.en?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_authn_socache.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_authn_socache.html.en Sun Feb 15 09:16:31 2015 @@ -186,6 +186,8 @@ AuthnCacheSOCache dbm Override:None Status:Base Module:mod_authn_socache +Compatibility:Optional provider arguments are available in +Apache HTTP Server 2.4.7 and later

This is a server-wide setting to select a provider for the shared object cache, followed by Modified: httpd/httpd/trunk/docs/manual/mod/mod_authn_socache.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authn_socache.xml?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_authn_socache.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_authn_socache.xml Sun Feb 15 09:16:31 2015 @@ -118,6 +118,8 @@ AuthnCacheSOCache dbm AuthnCacheSOCache provider-name[:provider-args] server config None +Optional provider arguments are available in +Apache HTTP Server 2.4.7 and later

This is a server-wide setting to select a provider for the Modified: httpd/httpd/trunk/docs/manual/mod/mod_cache_socache.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_cache_socache.html.en?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_cache_socache.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_cache_socache.html.en Sun Feb 15 09:16:31 2015 @@ -92,7 +92,7 @@ CacheSocacheMaxSize 102400 Context:server config, virtual host Status:Extension Module:mod_cache_socache -Compatibility:Available in Apache 2.5 and later +Compatibility:Available in Apache 2.4.5 and later

The CacheSocache directive defines the name of the shared object cache implementation to use, followed by optional @@ -114,7 +114,7 @@ cache Context:server config, virtual host, directory, .htaccess Status:Extension Module:mod_cache_socache -Compatibility:Available in Apache 2.5 and later +Compatibility:Available in Apache 2.4.5 and later

The CacheSocacheMaxSize directive sets the maximum size, in bytes, for the combined headers and body of a document @@ -142,7 +142,7 @@ cache Context:server config, virtual host, directory, .htaccess Status:Extension Module:mod_cache_socache -Compatibility:Available in Apache 2.5 and later +Compatibility:Available in Apache 2.4.5 and later

The CacheSocacheMaxTime directive sets the maximum freshness lifetime, in seconds, for a document to be stored in @@ -163,7 +163,7 @@ cache Context:server config, virtual host, directory, .htaccess Status:Extension Module:mod_cache_socache -Compatibility:Available in Apache 2.5 and later +Compatibility:Available in Apache 2.4.5 and later

The CacheSocacheMinTime directive sets the amount of seconds beyond the freshness lifetime of the response that the @@ -185,7 +185,7 @@ cache Context:server config, virtual host, directory, .htaccess Status:Extension Module:mod_cache_socache -Compatibility:Available in Apache 2.5 and later +Compatibility:Available in Apache 2.4.5 and later

The CacheSocacheReadSize directive sets the minimum amount of data, in bytes, to be read from the backend before the @@ -212,7 +212,7 @@ cache Context:server config, virtual host, directory, .htaccess Status:Extension Module:mod_cache_socache -Compatibility:Available in Apache 2.5 and later +Compatibility:Available in Apache 2.4.5 and later

The CacheSocacheReadTime directive sets the minimum amount of elapsed time that should pass before making an attempt to send data Modified: httpd/httpd/trunk/docs/manual/mod/mod_cache_socache.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_cache_socache.xml?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_cache_socache.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_cache_socache.xml Sun Feb 15 09:16:31 2015 @@ -75,7 +75,7 @@ CacheSocacheMaxSize 102400 CacheSocache type[:args] server configvirtual host -Available in Apache 2.5 and later +Available in Apache 2.4.5 and later

The CacheSocache directive defines the name of @@ -101,7 +101,7 @@ cache directory .htaccess -Available in Apache 2.5 and later +Available in Apache 2.4.5 and later

The CacheSocacheMaxTime directive sets the @@ -126,7 +126,7 @@ cache directory .htaccess -Available in Apache 2.5 and later +Available in Apache 2.4.5 and later

The CacheSocacheMinTime directive sets the @@ -152,7 +152,7 @@ cache directory .htaccess -Available in Apache 2.5 and later +Available in Apache 2.4.5 and later

The CacheSocacheMaxSize directive sets the @@ -184,7 +184,7 @@ cache directory .htaccess -Available in Apache 2.5 and later +Available in Apache 2.4.5 and later

The CacheSocacheReadSize directive sets the @@ -215,7 +215,7 @@ cache directory .htaccess -Available in Apache 2.5 and later +Available in Apache 2.4.5 and later

The CacheSocacheReadTime directive sets the minimum amount Modified: httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.en?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.en Sun Feb 15 09:16:31 2015 @@ -988,6 +988,7 @@ through Context:server config, virtual host, directory Status:Extension Module:mod_proxy +Compatibility:Unix Domain Socket (UDS) support added in 2.4.7

This directive allows remote servers to be mapped into the space of the local server; the local server does not act as a @@ -1004,7 +1005,7 @@ through usually be set off when using ProxyPass. -

Support for using a Unix Domain Socket is available by using a url target +

In 2.4.7 and later, support for using a Unix Domain Socket is available by using a target which prepends unix:/path/lis.sock|. For example, to proxy HTTP and target the UDS at /home/www/socket you would use unix:/home/www.socket|http://localhost/whatever/. Since Modified: httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml Sun Feb 15 09:16:31 2015 @@ -849,6 +849,7 @@ expressions server configvirtual host directory +Unix Domain Socket (UDS) support added in 2.4.7

This directive allows remote servers to be mapped into the @@ -867,7 +868,7 @@ expressions usually be set off when using ProxyPass. -

Support for using a Unix Domain Socket is available by using a url target +

In 2.4.7 and later, support for using a Unix Domain Socket is available by using a target which prepends unix:/path/lis.sock|. For example, to proxy HTTP and target the UDS at /home/www/socket you would use unix:/home/www.socket|http://localhost/whatever/. Since Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en Sun Feb 15 09:16:31 2015 @@ -517,9 +517,8 @@ contains the appropriate symbolic links. Module:mod_ssl

SSLCertificateChainFile is deprecated

SSLCertificateChainFile became obsolete with version -2.5.0-dev as of 2013-12-28, when -SSLCertificateFile +

SSLCertificateChainFile became obsolete with version 2.4.8, +when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.

@@ -563,16 +562,16 @@ confused in this situation.

This directive points to a file with certificate data in PEM format. At a minimum, the file must include an end-entity (leaf) certificate. -Beginning with version 2.5.0-dev as of 2013-12-28, it may also -include intermediate CA certificates, sorted from leaf to root, -and obsoletes SSLCertificateChainFile. +Beginning with version 2.4.8, it may also include intermediate CA +certificates, sorted from leaf to root, and obsoletes +SSLCertificateChainFile.

Additional optional elements are DH parameters and/or an EC curve name for ephemeral keys, as generated by openssl dhparam and -openssl ecparam, respectively (supported in version 2.5.0-dev -as of 2013-09-29), and finally, the end-entity certificate's private key. +openssl ecparam, respectively (supported in version 2.4.7 +or later) and finally, the end-entity certificate's private key. If the private key is encrypted, the pass phrase dialog is forced at startup time.

@@ -751,7 +750,7 @@ prefixes are:

`aNULL`, `eNULL` and `EXP` ciphers are always disabled

Beginning with version 2.5.0-dev as of 2013-09-25, null and export-grade +

Beginning with version 2.4.7, null and export-grade ciphers are always disabled, as mod_ssl unconditionally prepends any supplied cipher suite string with !aNULL:!eNULL:!EXP: at initialization.

@@ -1074,7 +1073,7 @@ which means that OCSP responses are cons Context:server config, virtual host Status:Extension Module:mod_ssl -Compatibility:Available in httpd 2.5-dev and later +Compatibility:Available in httpd 2.4.10 and later

This option determines whether queries to OCSP responders should contain a nonce or not. By default, a query nonce is always used and checked against @@ -1501,7 +1500,7 @@ compared against the hostname of the req a 502 status code (Bad Gateway) is sent.

-SSLProxyCheckPeerCN has been superseded by +In 2.4.5 and later, SSLProxyCheckPeerCN has been superseded by SSLProxyCheckPeerName, and its setting is only taken into account when SSLProxyCheckPeerName off is specified at the same time. @@ -1540,6 +1539,7 @@ sent. Context:server config, virtual host Status:Extension Module:mod_ssl +Compatibility:Apache HTTP Server 2.4.5 and later

This directive configures host name checking for server certificates @@ -2122,6 +2122,7 @@ in the Session Cache Context:server config, virtual host Status:Extension Module:mod_ssl +Compatibility:Applies also to RFC 5077 TLS session resumption in Apache 2.4.10 and later

This directive sets the timeout in seconds for the information stored in the Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=1659902&r1=1659901&r2=1659902&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Sun Feb 15 09:16:31 2015 @@ -500,6 +500,7 @@ in the Session Cache SSLSessionCacheTimeout 300 server config virtual host +Applies also to RFC 5077 TLS session resumption in Apache 2.4.10 and later

@@ -737,7 +738,7 @@ prefixes are:

<code>aNULL</code>, <code>eNULL</code> and <code>EXP</code> ciphers are always disabled -

Beginning with version 2.5.0-dev as of 2013-09-25, null and export-grade +

Beginning with version 2.4.7, null and export-grade ciphers are always disabled, as mod_ssl unconditionally prepends any supplied cipher suite string with !aNULL:!eNULL:!EXP: at initialization.

@@ -815,16 +816,16 @@ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MED

This directive points to a file with certificate data in PEM format. At a minimum, the file must include an end-entity (leaf) certificate. -Beginning with version 2.5.0-dev as of 2013-12-28, it may also -include intermediate CA certificates, sorted from leaf to root, -and obsoletes SSLCertificateChainFile. +Beginning with version 2.4.8, it may also include intermediate CA +certificates, sorted from leaf to root, and obsoletes +SSLCertificateChainFile.

@@ -908,9 +909,8 @@ SSLCertificateKeyFile /usr/local/apache2 SSLCertificateChainFile is deprecated -

SSLCertificateChainFile became obsolete with version -2.5.0-dev as of 2013-12-28, when -SSLCertificateFile +

SSLCertificateChainFile became obsolete with version 2.4.8, +when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.

@@ -1258,7 +1258,6 @@ SSLVerifyDepth 10 Available in httpd 2.4.4 and later, if using OpenSSL 1.0.1 or later -

This directive enables TLS-SRP and sets the path to the OpenSSL SRP (Secure @@ -1843,7 +1842,7 @@ compared against the hostname of the req a 502 status code (Bad Gateway) is sent.

-SSLProxyCheckPeerCN has been superseded by +In 2.4.5 and later, SSLProxyCheckPeerCN has been superseded by SSLProxyCheckPeerName, and its setting is only taken into account when SSLProxyCheckPeerName off is specified at the same time. @@ -1864,6 +1863,7 @@ SSLProxyCheckPeerCN on SSLProxyCheckPeerName on server config virtual host +Apache HTTP Server 2.4.5 and later

@@ -2289,7 +2289,7 @@ which means that OCSP responses are cons SSLOCSPUseRequestNonce on server config virtual host -Available in httpd 2.5-dev and later +Available in httpd 2.4.10 and later

This option determines whether queries to OCSP responders should contain

SSLCertificateChainFile is deprecated

aNULL, eNULL and EXP ciphers are always disabled

`aNULL`, `eNULL` and `EXP` ciphers are always disabled