|
 |
b7538d |
From 3537472b0a55c72fb5dea022ff3be7abddab055a Mon Sep 17 00:00:00 2001
|
|
|
b7538d |
From: Matthew Harmsen <mharmsen@redhat.com>
|
|
|
b7538d |
Date: Tue, 28 Jul 2015 14:17:57 -0600
|
|
|
b7538d |
Subject: [PATCH] doc changes
|
|
|
b7538d |
|
|
|
b7538d |
- Bugzilla Bug #1066236 - mod_nss: documentation formatting fixes [rhel-7.1]
|
|
|
b7538d |
---
|
|
|
b7538d |
docs/mod_nss.html | 15 ++++++++-------
|
|
|
b7538d |
1 file changed, 8 insertions(+), 7 deletions(-)
|
|
|
b7538d |
|
|
|
b7538d |
diff --git a/docs/mod_nss.html b/docs/mod_nss.html
|
|
|
b7538d |
index 2d349b6..19d8fef 100644
|
|
|
b7538d |
--- a/docs/mod_nss.html
|
|
|
b7538d |
+++ b/docs/mod_nss.html
|
|
|
b7538d |
@@ -398,7 +398,7 @@ Deprecated.
|
|
|
b7538d |
|
|
|
b7538d |
<big><big>NSSSession3CacheTimeout
|
|
|
b7538d |
</big></big>
|
|
|
b7538d |
-Specifies the number of seconds SSL 3 sessions are cached.
|
|
|
b7538d |
+Specifies the number of seconds SSLv3 sessions are cached.
|
|
|
b7538d |
|
|
|
b7538d |
The valid range is 5 - 86400 seconds. A setting outside the valid
|
|
|
b7538d |
range is silently constrained.
|
|
|
b7538d |
@@ -453,7 +453,7 @@ Example
|
|
|
b7538d |
|
|
|
b7538d |
Enables or disables FIPS 140 mode. This replaces the standard
|
|
|
b7538d |
internal PKCS#11 module with a FIPS-enabled one. It also forces the
|
|
|
b7538d |
-enabled protocols to TLSv1.2, TLSv1.1 and TLS v1.0 and disables all ciphers
|
|
|
b7538d |
+enabled protocols to TLSv1.2, TLSv1.1 and TLSv1.0 and disables all ciphers
|
|
|
b7538d |
but the FIPS ones. You may still select which ciphers you would like
|
|
|
b7538d |
limited to those that are FIPS-certified. Any non-FIPS that are
|
|
|
b7538d |
included in the NSSCipherSuite entry are automatically disabled.
|
|
|
b7538d |
@@ -881,8 +881,8 @@ and the maximum allowed protocols based upon these entries allowing for the
|
|
|
b7538d |
inclusion of every protocol in-between. For example, if only SSLv3 and TLSv1.1
|
|
|
b7538d |
are specified, SSLv3, TLSv1.0, and TLSv1.1 will all be allowed, as NSS utilizes
|
|
|
b7538d |
protocol ranges to accept all protocols inclusively
|
|
|
b7538d |
-(TLS 1.1 -> TLS 1.0 -> SSL 3.0), and does not allow exclusion of any protocols
|
|
|
b7538d |
-in the middle of a range (e. g. - TLS 1.0).
|
|
|
b7538d |
+(TLSv1.1 -> TLSv1.0 -> SSLv3.0), and does not allow exclusion of any protocols
|
|
|
b7538d |
+in the middle of a range (e. g. - TLSv1.0).
|
|
|
b7538d |
|
|
|
b7538d |
Finally, NSS will always automatically negotiate the use of the strongest
|
|
|
b7538d |
possible protocol that has been specified which is acceptable to both sides of
|
|
|
b7538d |
@@ -1505,9 +1505,10 @@ certutil: certificate is valid
|
|
|
b7538d |
|
|
|
b7538d |
Why is SSLv2 disabled?
|
|
|
b7538d |
All major browsers (Firefox, Internet Explorer, Mozilla, Netscape, Opera, and
|
|
|
b7538d |
-Safari) support SSL 3 and TLS so there is no need for a web server to support
|
|
|
b7538d |
-SSL 2. There are some known attacks against SSL 2 that are handled by SSL
|
|
|
b7538d |
-3/TLS. SSL2 also doesn't support useful features like client authentication.
|
|
|
b7538d |
+Safari) support SSLv3 and TLS so there is no need for a web server to support
|
|
|
b7538d |
+SSLv2. There are some known attacks against SSLv2 that are handled by
|
|
|
b7538d |
+SSLv3/TLS. SSLv2 also doesn't support useful features like client
|
|
|
b7538d |
+authentication.
|
|
|
b7538d |
|
|
|
b7538d |
|
|
|
b7538d |
Frequently Asked Questions
|
|
|
b7538d |
--
|
|
|
b7538d |
1.8.3.1
|
|
|
b7538d |
|