summaryrefslogtreecommitdiffstats
path: root/docs/mod_nss.html
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2014-10-16 14:05:05 -0400
committerRob Crittenden <rcritten@redhat.com>2014-10-16 16:57:31 -0400
commit78c17097186a8cacfb237af67fdd87599a727e88 (patch)
treef7fe4ab10f7207d958cbd9c294c99aafbb06e9d6 /docs/mod_nss.html
parent1e23537dbdaf9388afa12500af6f69a6ec7da784 (diff)
downloadmod_nss-78c17097186a8cacfb237af67fdd87599a727e88.tar.gz
mod_nss-78c17097186a8cacfb237af67fdd87599a727e88.tar.xz
mod_nss-78c17097186a8cacfb237af67fdd87599a727e88.zip
Add support for enabling TLS v1.2
If support is available in NSS then it is just a matter of including TLS 1.2 in the protocol range.
Diffstat (limited to 'docs/mod_nss.html')
-rw-r--r--docs/mod_nss.html97
1 files changed, 49 insertions, 48 deletions
diff --git a/docs/mod_nss.html b/docs/mod_nss.html
index b2fda6c..4bd62c5 100644
--- a/docs/mod_nss.html
+++ b/docs/mod_nss.html
@@ -470,8 +470,8 @@ Example</span><br>
<br>
Enables or disables FIPS 140 mode. This replaces the standard
internal PKCS#11 module with a FIPS-enabled one. It also forces the
-enabled protocols to TLSv1.1 and TLS v1.0 and disables all ciphers but the
-FIPS ones. You may still select which ciphers you would like
+enabled protocols to TLSv1.2, TLSv1.1 and TLS v1.0 and disables all ciphers
+but the FIPS ones. You may still select which ciphers you would like
limited to those that are FIPS-certified. Any non-FIPS that are
included in the NSSCipherSuite entry are automatically disabled.
The allowable ciphers are:<br>
@@ -572,7 +572,7 @@ Available ciphers are:<br>
</td>
<td style="vertical-align: top;">SSL_RSA_WITH_3DES_EDE_CBC_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1<br>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2<br>
</td>
</tr>
<tr>
@@ -580,106 +580,106 @@ Available ciphers are:<br>
</td>
<td style="vertical-align: top;">SSL_RSA_WITH_DES_CBC_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">rsa_null_md5<br>
</td>
<td style="vertical-align: top;">SSL_RSA_WITH_NULL_MD5<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">rsa_null_sha<br>
</td>
<td style="vertical-align: top;">SSL_RSA_WITH_NULL_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">rsa_rc2_40_md5</td>
<td style="vertical-align: top;">SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">rsa_rc4_128_md5</td>
<td style="vertical-align: top;">SSL_RSA_WITH_RC4_128_MD5<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">rsa_rc4_128_sha</td>
<td style="vertical-align: top;">SSL_RSA_WITH_RC4_128_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">rsa_rc4_40_md5</td>
<td style="vertical-align: top;">SSL_RSA_EXPORT_WITH_RC4_40_MD5<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">fortezza<br>
</td>
<td style="vertical-align: top;">SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">fortezza_rc4_128_sha<br>
</td>
<td style="vertical-align: top;">SSL_FORTEZZA_DMS_WITH_RC4_128_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">fortezza_null<br>
</td>
<td style="vertical-align: top;">SSL_FORTEZZA_DMS_WITH_NULL_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">fips_des_sha<br>
</td>
<td style="vertical-align: top;">SSL_RSA_FIPS_WITH_DES_CBC_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">fips_3des_sha<br>
</td>
<td style="vertical-align: top;">SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">rsa_des_56_sha</td>
<td style="vertical-align: top;">TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">rsa_rc4_56_sha</td>
<td style="vertical-align: top;">TLS_RSA_EXPORT1024_WITH_RC4_56_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">rsa_aes_128_sha<br>
</td>
<td style="vertical-align: top;">TLS_RSA_WITH_AES_128_CBC_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td style="vertical-align: top;">rsa_aes_256_sha<br>
</td>
<td style="vertical-align: top;">TLS_RSA_WITH_AES_256_CBC_SHA<br>
</td>
- <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1</td>
+ <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
</tbody>
</table>
@@ -699,127 +699,127 @@ Additionally there are a number of ECC ciphers:<br>
<tr>
<td>ecdh_ecdsa_null_sha</td>
<td>TLS_ECDH_ECDSA_WITH_NULL_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_ecdsa_rc4_128_sha</td>
<td>TLS_ECDH_ECDSA_WITH_RC4_128_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_ecdsa_3des_sha</td>
<td>TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_ecdsa_aes_128_sha</td>
<td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_ecdsa_aes_256_sha</td>
<td>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdhe_ecdsa_null_sha</td>
<td>TLS_ECDHE_ECDSA_WITH_NULL_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdhe_ecdsa_rc4_128_sha</td>
<td>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdhe_ecdsa_3des_sha</td>
<td>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdhe_ecdsa_aes_128_sha</td>
<td>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdhe_ecdsa_aes_256_sha</td>
<td>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_rsa_null_sha</td>
<td>TLS_ECDH_RSA_WITH_NULL_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_rsa_128_sha</td>
<td>TLS_ECDH_RSA_WITH_RC4_128_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_rsa_3des_sha</td>
<td>TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_rsa_aes_128_sha</td>
<td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_rsa_aes_256_sha</td>
<td>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>echde_rsa_null</td>
<td>TLS_ECDHE_RSA_WITH_NULL_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdhe_rsa_rc4_128_sha</td>
<td>TLS_ECDHE_RSA_WITH_RC4_128_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdhe_rsa_3des_sha</td>
<td>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdhe_rsa_aes_128_sha</td>
<td>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdhe_rsa_aes_256_sha</td>
<td>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_anon_null_sha</td>
<td>TLS_ECDH_anon_WITH_NULL_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_anon_rc4_128sha</td>
<td>TLS_ECDH_anon_WITH_RC4_128_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_anon_3des_sha</td>
<td>TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_anon_aes_128_sha</td>
<td>TLS_ECDH_anon_WITH_AES_128_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
<tr>
<td>ecdh_anon_aes_256_sha</td>
<td>TLS_ECDH_anon_WITH_AES_256_CBC_SHA</td>
- <td>TLSv1.0/TLSv1.1</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
</tbody>
</table>
@@ -843,15 +843,16 @@ Options are:<br>
<li><code>TLSv1 (legacy only; replaced by TLSv1.0)</code></li>
<li><code>TLSv1.0</code></li>
<li><code>TLSv1.1</code></li>
+ <li><code>TLSv1.2</code></li>
<li><code>All</code></li>
</ul>
Note that this differs from mod_ssl in that you can't add or subtract
protocols.<br>
<br>
If no NSSProtocol is specified, mod_nss will default to allowing the use of
-the SSLv3, TLSv1.0, and TLSv1.1 protocols, where SSLv3 will be set to be the
-minimum protocol allowed, and TLSv1.1 will be set to be the maximum protocol
-allowed.
+the SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2 protocols, where SSLv3 will be set to
+be the minimum protocol allowed, and TLSv1.2 will be set to be the maximum
+protocol allowed.
<br>
If values for NSSProtocol are specified, mod_nss will set both the minimum
and the maximum allowed protocols based upon these entries allowing for the
@@ -1118,7 +1119,7 @@ was compiled against.<br>
<tr>
<td style="vertical-align: top; width: 45%;"><code>SSL_PROTOCOL<br>
</code></td>
- <td style="vertical-align: top;">SSLv2, SSLv3, TLSv1.0, or TLSv1.1<br>
+ <td style="vertical-align: top;">SSLv2, SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2<br>
</td>
</tr>
<tr>
generated by cgit (git 2.34.1) at 2025-09-14 01:34:50 +0000