httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <i.ga...@brainsware.org>
Subject Re: mod_ssl and SSL how-to
Date Mon, 10 Jan 2011 16:37:32 GMT

----- "Lucien Gentis" <lucien.gentis@lorraine.iufm.fr> wrote:

> Hello,
> 
> I think a good start point could be the file conf/extra/httpd-ssl.conf
> from install directory.

Yesno..

Aside from being too much (comments) and too long, it also has hints like


#   See the mod_ssl documentation for a complete list.

Which in case of SSLCipherSuite just isn't true.
We cannot provide a complete list of SSLCipherSuites -- they highly depend
on your installation, on the moon-phase, the version of your SSL library,
what animal you sacrificed to Dionysus and how you mismanaged to compile
mod_ssl against that.

> All necessary directives are there with comments.

And some more. Which are unnecessary, or which should have sane defaults.
In some cases the (sane) defaults are reproduced. Which again seems
unnecessary.

I think the .conf files are the wrong place to put this kind of
documentation

> Le 9 janv. 2011 à 22:10, Rich Bowen a écrit :
> 
> > Yes that is kind of the obvious thing to have in there.
> > 
> > --
> > Rich Bowen
> > 
> > On Jan 9, 2011, at 3:07 PM, Eric Covener <covener@gmail.com> wrote:
> > 
> >> It's kind of interesting that neither of these documents tells you
> how
> >> to setup a basic SSL-speaking virtual host.
> >> 
> >> e.g.
> >> 
> >> * create a self-signed certificate or certificate request
> >> * add a listen directive
> >> * add a VH *:443
> >> * add cert-related directives
> >> * passphrase stuff
> >> 
> >> Any reason not to kick-off the Howto with this or am I missing
> something?

I think we need to cover the other FAQ as well: How to do client
certificate authnz.

I suggest we do just that: Start a wiki page, and give it three or
so weeks to mature.. then have it reviewed and replace the current
SSL HOWTOs.

As for extras/httpd-ssl.conf.in ... I suppose someone from dev@
will have their say as well..


i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message