diff options
author | Rob Crittenden <rcritten@redhat.com> | 2013-10-11 17:51:23 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2014-02-21 14:20:19 -0500 |
commit | 25e23d6aa024c875bbbaefc8f11d2780e09036b2 (patch) | |
tree | a2f12aa564969ee2152c750321e03b5a5743ea99 /mod_nss.c | |
parent | 399685fc1bfaeb6bcb0e5879872338981c7453b7 (diff) | |
download | mod_nss-25e23d6aa024c875bbbaefc8f11d2780e09036b2.tar.gz mod_nss-25e23d6aa024c875bbbaefc8f11d2780e09036b2.tar.xz mod_nss-25e23d6aa024c875bbbaefc8f11d2780e09036b2.zip |
Add support for TLS v1.1, protocol ranges.
Set protocol version ranges:
(1) Set the minimum protocol accepted
(2) Set the maximum protocol accepted
(3) Protocol ranges extend from maximum down to minimum
protocol
(4) All protocol ranges are completely inclusive;
no protocol in the middle of a range may be excluded
(5) NSS automatically negotiates the use of the strongest
protocol for a connection starting with the maximum
specified protocol and downgrading as necessary to the
minimum specified protocol
For example, if SSL 3.0 is chosen as the minimum protocol, and
TLS 1.1 is chosen as the maximum protocol, SSL 3.0, TLS 1.0, and
TLS 1.1 will all be accepted as protocols, as TLS 1.0 will not
and cannot be excluded from this range. NSS will automatically
negotiate to utilize the strongest acceptable protocol for a
connection starting with the maximum specified protocol and
downgrading as necessary to the minimum specified protocol
(TLS 1.1 -> TLS 1.0 -> SSL 3.0).
BZ 816394
Diffstat (limited to 'mod_nss.c')
-rw-r--r-- | mod_nss.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -90,7 +90,7 @@ static const command_rec nss_config_cmds[] = { "(`[+-]XXX,...,[+-]XXX' - see manual)") SSL_CMD_SRV(Protocol, RAW_ARGS, "Enable the various SSL protocols" - "(`[SSLv2|SSLv3|TLSv1|all] ...' - see manual)") + "(`[SSLv2|SSLv3|TLSv1.0|TLSv1.1|all] ...' - see manual)") SSL_CMD_ALL(VerifyClient, TAKE1, "SSL Client Authentication " "(`none', `optional', `require'") @@ -135,7 +135,7 @@ static const command_rec nss_config_cmds[] = { "(`on', `off')") SSL_CMD_SRV(ProxyProtocol, RAW_ARGS, "SSL Proxy: enable or disable SSL protocol flavors " - "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)") + "(`[+-][SSLv2|SSLv3|TLSv1.0|TLSv1.1] ...' - see manual)") SSL_CMD_SRV(ProxyCipherSuite, TAKE1, "SSL Proxy: colon-delimited list of permitted SSL ciphers " "(`XXX:...:XXX' - see manual)") |