httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mads Toftum <>
Subject Re: A review of SSL docs WAS Re: A proposal from Symantec for cleaning up the SSL-related documentation for Apache's HTTPD
Date Wed, 04 Apr 2012 23:42:36 GMT
On Wed, Apr 04, 2012 at 06:20:48PM -0500, Daniel Ruggeri wrote:
> I have reviewed these docs, Rich, and have some notes to provide. I'd
> like if other folks would have a look, too, so we can maybe get things
> in good shape sooner rather than later. I'm ready to move on a few
> things but would like to get consensus on two things below...
> - The examples are
> still valid in today's world. I'm not sure if this particular doc is the
> place.... but having SSL proxy examples would also be helpful since all
> of those directives actually come from mod_ssl (and there are pointers
> in the proxy doco to mod_ssl). Thoughts?

I think this would be a good place for a proxy example. Looking for 2
seconds, I think the logging section could do with some more work.
> - No rubbish here.
> I think this document is outstanding.

> - This document
> may no longer be relevant. There have been so many changes since
> creation that I think this doc could be scrapped or repurposed to
> discuss integration issues only. Some examples would include notes about
> older browsers and supported levels of crypto, the emergence of TLS1.1,
> SNI and compatible browsers, OCSP, etc. I'm willing to take a whack at
> it and will write a bug to make myself do it in the coming days if the
> list agrees.

What's there now is ancient and could be dropped.
> - Could use a
> general refreshing... most of the content isn't bad, but it could stand
> to be reorganized. Does anyone else kind of feel like this kind of
> document would be better served as a wiki article?
Given the complexity of SSL in general, I prefer we keep the faq where
it is rather than abandon it on the wiki. But +1 to a cleanup.
> By the way, great job on these docs. SSL is a tough topic and I think
> there is more than enough content here to get someone going and keep
> them going for a while. It reads like an expert wrote it for fledgeling
> server admin and I'm not sure I agree with a lot of the assertions made
> about the content recently.
Agreed 100%. Most of the credit goes to Ralf S Engelschall who wrote
mod_ssl and most of the docs in question. Little has happened to them
since then. I think some of the assertions come from people who don't
appreciate his style of writing - much of his original mod_rewrite
documentation got butchered on a similar background.


Mads Toftum

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message