diff options
author | Joe Orton <jorton@apache.org> | 2022-01-04 08:38:32 +0000 |
---|---|---|
committer | Joe Orton <jorton@apache.org> | 2022-01-04 08:38:32 +0000 |
commit | 238789798392c44f24304ade592e1a6a83f287f2 (patch) | |
tree | 2fce5b1c58c973c7972ae3a02191a12923f39c45 | |
parent | 371f5669ca223c629d2c748237ea5831f288e896 (diff) | |
download | httpd-238789798392c44f24304ade592e1a6a83f287f2.tar.gz |
Recommend against using SSLOpenSSLConfCmd in preference to mod_ssl
directives, and add warning on stability/compatibility.
(e.g. PR: 65764)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1896664 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | docs/manual/mod/mod_ssl.xml | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 8168c1738e..e196e6e2fd 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -2946,13 +2946,6 @@ depends on the OpenSSL version being used for <module>mod_ssl</module> names, see the section <em>Supported configuration file commands</em> in the <a href="http://www.openssl.org/docs/man1.0.2/ssl/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS">SSL_CONF_cmd(3)</a> manual page for OpenSSL.</p> -<p>Some of the <directive>SSLOpenSSLConfCmd</directive> commands can be used -as an alternative to existing directives (such as -<directive module="mod_ssl">SSLCipherSuite</directive> or -<directive module="mod_ssl">SSLProtocol</directive>), -though it should be noted that the syntax / allowable values for the parameters -may sometimes differ.</p> - <example><title>Examples</title> <highlight language="config"> SSLOpenSSLConfCmd Options -SessionTicket,ServerPreference @@ -2962,6 +2955,23 @@ SSLOpenSSLConfCmd Protocol "-ALL, TLSv1.2" SSLOpenSSLConfCmd SignatureAlgorithms RSA+SHA384:ECDSA+SHA256 </highlight> </example> + +<note type="warning"><title>Compatibility and Stability +warning</title> + +<p>Some of the <directive>SSLOpenSSLConfCmd</directive> commands can be used +as an alternative to existing directives (such as +<directive module="mod_ssl">SSLCipherSuite</directive> or +<directive module="mod_ssl">SSLProtocol</directive>), +though the syntax / allowable values for the parameters may sometimes differ.</p> + +<p>It is recommended that directives provided by mod_ssl are used +where available to configure OpenSSL, and +<directive>SSLOpenSSLConfCmd</directive> is only used for features of +OpenSSL which are not configurable by mod_ssl. It is possible that +mod_ssl behaviour will change across versions of httpd where +<directive>SSLOpenSSLConfCmd</directive> is used.</p> +</note> </usage> </directivesynopsis> |