On Apr 4, 2012, at 7:20 PM, Daniel Ruggeri wrote:

http://httpd.apache.org/docs/trunk/ssl/ssl_howto.html - The examples are
still valid in today's world. I'm not sure if this particular doc is the
place.... but having SSL proxy examples would also be helpful since all
of those directives actually come from mod_ssl (and there are pointers
in the proxy doco to mod_ssl). Thoughts?

Yes, that would be awesome.

http://httpd.apache.org/docs/trunk/ssl/ssl_intro.html - No rubbish here.
I think this document is outstanding.


http://httpd.apache.org/docs/trunk/ssl/ssl_compat.html - This document
may no longer be relevant. There have been so many changes since
creation that I think this doc could be scrapped or repurposed to
discuss integration issues only. Some examples would include notes about
older browsers and supported levels of crypto, the emergence of TLS1.1,
SNI and compatible browsers, OCSP, etc. I'm willing to take a whack at
it and will write a bug to make myself do it in the coming days if the
list agrees.

http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html - Could use a
general refreshing... most of the content isn't bad, but it could stand
to be reorganized. Does anyone else kind of feel like this kind of
document would be better served as a wiki article?

I don't much care where the doc is, as long as everything is interlinked so that someone doesn't have to go hunting for it. Having it in the doc, rather than in the wiki, has the advantage that it's there on an installed system and accessible without going out to the network.

By the way, great job on these docs. SSL is a tough topic and I think
there is more than enough content here to get someone going and keep
them going for a while. It reads like an expert wrote it for fledgeling
server admin and I'm not sure I agree with a lot of the assertions made
about the content recently.

Those comments come entirely from my ignorance of the topic. My apologies.

Rich Bowen
rbowen@rcbowen.com :: @rbowen