From 3537472b0a55c72fb5dea022ff3be7abddab055a Mon Sep 17 00:00:00 2001 From: Matthew Harmsen Date: Tue, 28 Jul 2015 14:17:57 -0600 Subject: [PATCH] doc changes - Bugzilla Bug #1066236 - mod_nss: documentation formatting fixes [rhel-7.1] --- docs/mod_nss.html | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/docs/mod_nss.html b/docs/mod_nss.html index 2d349b6..19d8fef 100644 --- a/docs/mod_nss.html +++ b/docs/mod_nss.html @@ -398,7 +398,7 @@ Deprecated.

NSSSession3CacheTimeout

-Specifies the number of seconds SSL 3 sessions are cached.
+Specifies the number of seconds SSLv3 sessions are cached.

The valid range is 5 - 86400 seconds. A setting outside the valid range is silently constrained.
@@ -453,7 +453,7 @@ Example

Enables or disables FIPS 140 mode. This replaces the standard internal PKCS#11 module with a FIPS-enabled one. It also forces the -enabled protocols to TLSv1.2, TLSv1.1 and TLS v1.0 and disables all ciphers +enabled protocols to TLSv1.2, TLSv1.1 and TLSv1.0 and disables all ciphers but the FIPS ones. You may still select which ciphers you would like limited to those that are FIPS-certified. Any non-FIPS that are included in the NSSCipherSuite entry are automatically disabled. @@ -881,8 +881,8 @@ and the maximum allowed protocols based upon these entries allowing for the inclusion of every protocol in-between. For example, if only SSLv3 and TLSv1.1 are specified, SSLv3, TLSv1.0, and TLSv1.1 will all be allowed, as NSS utilizes protocol ranges to accept all protocols inclusively -(TLS 1.1 -> TLS 1.0 -> SSL 3.0), and does not allow exclusion of any protocols -in the middle of a range (e. g. - TLS 1.0).
+(TLSv1.1 -> TLSv1.0 -> SSLv3.0), and does not allow exclusion of any protocols +in the middle of a range (e. g. - TLSv1.0).

Finally, NSS will always automatically negotiate the use of the strongest possible protocol that has been specified which is acceptable to both sides of @@ -1505,9 +1505,10 @@ certutil: certificate is valid

Why is SSLv2 disabled?

All major browsers (Firefox, Internet Explorer, Mozilla, Netscape, Opera, and -Safari) support SSL 3 and TLS so there is no need for a web server to support -SSL 2. There are some known attacks against SSL 2 that are handled by SSL -3/TLS. SSL2 also doesn't support useful features like client authentication. +Safari) support SSLv3 and TLS so there is no need for a web server to support +SSLv2. There are some known attacks against SSLv2 that are handled by +SSLv3/TLS. SSLv2 also doesn't support useful features like client +authentication.

Frequently Asked Questions

-- 1.8.3.1