diff options
| author | Stefan Fritsch <sf@apache.org> | 2013-08-02 23:40:51 +0200 |
|---|---|---|
| committer | Stefan Fritsch <sf@apache.org> | 2013-08-02 23:40:51 +0200 |
| commit | 2afcf60578518a8ab168900be4c5d955383c3b2d (patch) | |
| tree | 5ed0bd4f66bc6f6b832839cd3f63ddca7ca12290 /docs | |
| parent | Rebuilds recent changes (diff) | |
| download | apache2-2afcf60578518a8ab168900be4c5d955383c3b2d.tar.xz apache2-2afcf60578518a8ab168900be4c5d955383c3b2d.zip | |
Mention ECC support
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1509872 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/manual/mod/mod_ssl.xml | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 87a23e1eee..d4b26f3b80 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -297,12 +297,12 @@ query can be done in two ways which can be configured by Here an external program is configured which is called at startup for each encrypted Private Key file. It is called with two arguments (the first is of the form ``<code>servername:portnumber</code>'', the second is either - ``<code>RSA</code>'' or ``<code>DSA</code>''), which indicate for which - server and algorithm it has to print the corresponding Pass Phrase to - <code>stdout</code>. The intent is that this external program first runs - security checks to make sure that the system is not compromised by an - attacker, and only when these checks were passed successfully it provides - the Pass Phrase.</p> + ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''), which + indicate for which server and algorithm it has to print the corresponding + Pass Phrase to <code>stdout</code>. The intent is that this external + program first runs security checks to make sure that the system is not + compromised by an attacker, and only when these checks were passed + successfully it provides the Pass Phrase.</p> <p> Both these security checks, and the way the Pass Phrase is determined, can be as complex as you like. Mod_ssl just defines the interface: an @@ -803,8 +803,8 @@ This directive points to the PEM-encoded Certificate file for the server and optionally also to the corresponding RSA or DSA Private Key file for it (contained in the same file). If the contained Private Key is encrypted the Pass Phrase dialog is forced at startup time. This directive can be used up to -two times (referencing different filenames) when both a RSA and a DSA based -server certificate is used in parallel.</p> +three times (referencing different filenames) when both a RSA, a DSA, and an +ECC based server certificate is used in parallel.</p> <example><title>Example</title> <highlight language="config"> SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt @@ -831,8 +831,8 @@ contains both the Certificate and the Private Key this directive need not be used. But we strongly discourage this practice. Instead we recommend you to separate the Certificate and the Private Key. If the contained Private Key is encrypted, the Pass Phrase dialog is forced -at startup time. This directive can be used up to two times -(referencing different filenames) when both a RSA and a DSA based +at startup time. This directive can be used up to three times +(referencing different filenames) when both a RSA, a DSA, and an ECC based private key is used in parallel.</p> <example><title>Example</title> <highlight language="config"> |