Return-Path: Delivered-To: apmail-httpd-docs-archive@www.apache.org Received: (qmail 45987 invoked from network); 10 Jan 2011 16:38:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 10 Jan 2011 16:38:01 -0000 Received: (qmail 89028 invoked by uid 500); 10 Jan 2011 16:38:01 -0000 Delivered-To: apmail-httpd-docs-archive@httpd.apache.org Received: (qmail 88862 invoked by uid 500); 10 Jan 2011 16:38:01 -0000 Mailing-List: contact docs-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: docs@httpd.apache.org List-Id: Delivered-To: mailing list docs@httpd.apache.org Received: (qmail 88842 invoked by uid 99); 10 Jan 2011 16:38:00 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Jan 2011 16:38:00 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of i.galic@brainsware.org designates 188.40.115.121 as permitted sender) Received: from [188.40.115.121] (HELO mail.brainsware.org) (188.40.115.121) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Jan 2011 16:37:55 +0000 Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.brainsware.org (Postfix) with ESMTP id 392DA1DE3E1 for ; Mon, 10 Jan 2011 16:37:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at brainsware.org Received: from mail.brainsware.org ([127.0.0.1]) by localhost (mail.brainsware.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b3uE2Z2044Ci for ; Mon, 10 Jan 2011 16:37:32 +0000 (UTC) Received: from mail.brainsware.org (mail.brainsware.org [188.40.115.121]) by mail.brainsware.org (Postfix) with ESMTP id 40FDA1DE3CD for ; Mon, 10 Jan 2011 16:37:32 +0000 (UTC) Date: Mon, 10 Jan 2011 16:37:32 +0000 (UTC) From: =?utf-8?Q?Igor_Gali=C4=87?= To: docs@httpd.apache.org Message-ID: <254583916.7612.1294677452150.JavaMail.root@iris> In-Reply-To: <471621995.7610.1294677238986.JavaMail.root@iris> Subject: Re: mod_ssl and SSL how-to MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [195.72.132.1] X-Mailer: Zimbra 6.0.5_GA_2213.DEBIAN5_64 (ZimbraWebClient - FF3.0 ([unknown])/6.0.5_GA_2213.DEBIAN5_64) ----- "Lucien Gentis" wrote: > Hello, >=20 > I think a good start point could be the file conf/extra/httpd-ssl.conf > from install directory. Yesno.. Aside from being too much (comments) and too long, it also has hints like # See the mod_ssl documentation for a complete list. Which in case of SSLCipherSuite just isn't true. We cannot provide a complete list of SSLCipherSuites -- they highly depend on your installation, on the moon-phase, the version of your SSL library, what animal you sacrificed to Dionysus and how you mismanaged to compile mod_ssl against that. > All necessary directives are there with comments. And some more. Which are unnecessary, or which should have sane defaults. In some cases the (sane) defaults are reproduced. Which again seems unnecessary. I think the .conf files are the wrong place to put this kind of documentation > Le 9 janv. 2011 =C3=A0 22:10, Rich Bowen a =C3=A9crit : >=20 > > Yes that is kind of the obvious thing to have in there. > >=20 > > -- > > Rich Bowen > >=20 > > On Jan 9, 2011, at 3:07 PM, Eric Covener wrote: > >=20 > >> It's kind of interesting that neither of these documents tells you > how > >> to setup a basic SSL-speaking virtual host. > >>=20 > >> e.g. > >>=20 > >> * create a self-signed certificate or certificate request > >> * add a listen directive > >> * add a VH *:443 > >> * add cert-related directives > >> * passphrase stuff > >>=20 > >> Any reason not to kick-off the Howto with this or am I missing > something? I think we need to cover the other FAQ as well: How to do client certificate authnz. I suggest we do just that: Start a wiki page, and give it three or so weeks to mature.. then have it reviewed and replace the current SSL HOWTOs. As for extras/httpd-ssl.conf.in ... I suppose someone from dev@ will have their say as well.. i --=20 Igor Gali=C4=87 Tel: +43 (0) 664 886 22 883 Mail: i.galic@brainsware.org URL: http://brainsware.org/ --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org For additional commands, e-mail: docs-help@httpd.apache.org