diff options
Diffstat (limited to 'docs/manual/ssl')
| -rw-r--r-- | docs/manual/ssl/index.html.en | 16 | ||||
| -rw-r--r-- | docs/manual/ssl/index.html.fr | 16 | ||||
| -rw-r--r-- | docs/manual/ssl/index.html.ja.utf8 | 13 | ||||
| -rw-r--r-- | docs/manual/ssl/index.html.tr.utf8 | 14 | ||||
| -rw-r--r-- | docs/manual/ssl/index.html.zh-cn | 13 | ||||
| -rw-r--r-- | docs/manual/ssl/ssl_compat.html.en | 34 | ||||
| -rw-r--r-- | docs/manual/ssl/ssl_compat.html.fr | 34 | ||||
| -rw-r--r-- | docs/manual/ssl/ssl_faq.html.en | 83 | ||||
| -rw-r--r-- | docs/manual/ssl/ssl_faq.html.fr | 83 | ||||
| -rw-r--r-- | docs/manual/ssl/ssl_howto.html.en | 244 | ||||
| -rw-r--r-- | docs/manual/ssl/ssl_howto.html.fr | 235 | ||||
| -rw-r--r-- | docs/manual/ssl/ssl_intro.html.en | 86 | ||||
| -rw-r--r-- | docs/manual/ssl/ssl_intro.html.fr | 86 | ||||
| -rw-r--r-- | docs/manual/ssl/ssl_intro.html.ja.utf8 | 34 |
14 files changed, 635 insertions, 356 deletions
diff --git a/docs/manual/ssl/index.html.en b/docs/manual/ssl/index.html.en index 5f3ef00c..4e43943d 100644 --- a/docs/manual/ssl/index.html.en +++ b/docs/manual/ssl/index.html.en @@ -8,10 +8,13 @@ <title>Apache SSL/TLS Encryption - Apache HTTP Server</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> <p class="apache">Apache HTTP Server Version 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -28,8 +31,7 @@ <p>The Apache HTTP Server module <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> provides an interface to the <a href="http://www.openssl.org/">OpenSSL</a> library, which provides Strong Encryption using the Secure Sockets Layer and Transport Layer -Security protocols. The module and this documentation are based on -Ralf S. Engelschall's mod_ssl project.</p> +Security protocols.</p> </div> <div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#documentation">Documentation</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#mod-ssl">mod_ssl</a></li> @@ -59,5 +61,9 @@ provided by this module is provided in the <a href="../mod/mod_ssl.html">mod_ssl <a href="../zh-cn/ssl/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> </div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/index.html.fr b/docs/manual/ssl/index.html.fr index b66fa4e6..04641d8d 100644 --- a/docs/manual/ssl/index.html.fr +++ b/docs/manual/ssl/index.html.fr @@ -8,10 +8,13 @@ <title>Apache et le Chiffrement SSL/TLS - Serveur Apache HTTP</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> <p class="apache">Serveur Apache HTTP Version 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -29,8 +32,7 @@ interface avec la bibliothèque <a href="http://www.openssl.org/">OpenSSL</a>, qui permet d'effectuer un chiffrement fort en s'appuyant sur les protocoles "Couche Points d'accès Sécurisés" (Secure Sockets Layer - SSL) et "Sécurité de la Couche Transport" -(Transport Layer Security - TLS). Le module et cette documentation sont basés -sur le projet mod_ssl de Ralf S. Engelschall.</p> +(Transport Layer Security - TLS).</p> </div> <div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#documentation">Documentation</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#mod-ssl">mod_ssl</a></li> @@ -61,5 +63,9 @@ d'environnement fournies par ce module se trouve dans la <a href="../zh-cn/ssl/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> </div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/index.html.ja.utf8 b/docs/manual/ssl/index.html.ja.utf8 index 78f557d4..7f39ec26 100644 --- a/docs/manual/ssl/index.html.ja.utf8 +++ b/docs/manual/ssl/index.html.ja.utf8 @@ -8,10 +8,13 @@ <title>Apache ã® SSL/TLS æš—å·åŒ– - Apache HTTP サーãƒ</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">モジュール</a> | <a href="../mod/directives.html">ディレクティブ</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">用語</a> | <a href="../sitemap.html">サイトマップ</a></p> +<p class="menu"><a href="../mod/">モジュール</a> | <a href="../mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">用語</a> | <a href="../sitemap.html">サイトマップ</a></p> <p class="apache">Apache HTTP サームãƒãƒ¼ã‚¸ãƒ§ãƒ³ 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -65,5 +68,9 @@ Secure Sockts Layer 㨠Transport Layer Security <a href="../zh-cn/ssl/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> </div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />ã“ã®æ–‡æ›¸ã¯ <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> ã®ãƒ©ã‚¤ã‚»ãƒ³ã‚¹ã§æä¾›ã•ã‚Œã¦ã„ã¾ã™ã€‚.</p> -<p class="menu"><a href="../mod/">モジュール</a> | <a href="../mod/directives.html">ディレクティブ</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">用語</a> | <a href="../sitemap.html">サイトマップ</a></p></div> +<p class="menu"><a href="../mod/">モジュール</a> | <a href="../mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">用語</a> | <a href="../sitemap.html">サイトマップ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/index.html.tr.utf8 b/docs/manual/ssl/index.html.tr.utf8 index 5619cbd2..c84439fa 100644 --- a/docs/manual/ssl/index.html.tr.utf8 +++ b/docs/manual/ssl/index.html.tr.utf8 @@ -8,10 +8,13 @@ <title>Apache SSL/TLS Şifrelemesi - Apache HTTP Sunucusu</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="../faq/">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p> +<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p> <p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -24,6 +27,7 @@ <a href="../tr/ssl/" title="Türkçe"> tr </a> | <a href="../zh-cn/ssl/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> </div> +<div class="outofdate">Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.</div> <p>Apache HTTP Sunucusunun <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> modülü, Güvenli Soketler Katmanı (SSL) ve Aktarım Katmanı Güvenliği (TLS) protokollerinin @@ -59,5 +63,9 @@ <a href="../zh-cn/ssl/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> </div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br /><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> altında lisanslıdır.</p> -<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="../faq/">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p></div> +<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/index.html.zh-cn b/docs/manual/ssl/index.html.zh-cn index 7b52fa1a..52c2f6b5 100644 --- a/docs/manual/ssl/index.html.zh-cn +++ b/docs/manual/ssl/index.html.zh-cn @@ -8,10 +8,13 @@ <title>Apache SSL/TLS åŠ å¯† - Apache HTTP æœåŠ¡å™¨</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">模å—</a> | <a href="../mod/directives.html">指令</a> | <a href="../faq/">常è§é—®é¢˜</a> | <a href="../glossary.html">术è¯</a> | <a href="../sitemap.html">网站导航</a></p> +<p class="menu"><a href="../mod/">模å—</a> | <a href="../mod/directives.html">指令</a> | <a href="http://wiki.apache.org/httpd/FAQ">常è§é—®é¢˜</a> | <a href="../glossary.html">术è¯</a> | <a href="../sitemap.html">网站导航</a></p> <p class="apache">Apache HTTP æœåŠ¡å™¨ç‰ˆæœ¬ 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -59,5 +62,9 @@ Ralf S. Engelschall çš„ mod_ssl 项目。</p> <a href="../zh-cn/ssl/" title="Simplified Chinese"> zh-cn </a></p> </div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />基于 <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> 许å¯è¯.</p> -<p class="menu"><a href="../mod/">模å—</a> | <a href="../mod/directives.html">指令</a> | <a href="../faq/">常è§é—®é¢˜</a> | <a href="../glossary.html">术è¯</a> | <a href="../sitemap.html">网站导航</a></p></div> +<p class="menu"><a href="../mod/">模å—</a> | <a href="../mod/directives.html">指令</a> | <a href="http://wiki.apache.org/httpd/FAQ">常è§é—®é¢˜</a> | <a href="../glossary.html">术è¯</a> | <a href="../sitemap.html">网站导航</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/ssl_compat.html.en b/docs/manual/ssl/ssl_compat.html.en index 9821b938..f8f87455 100644 --- a/docs/manual/ssl/ssl_compat.html.en +++ b/docs/manual/ssl/ssl_compat.html.en @@ -8,10 +8,13 @@ <title>SSL/TLS Strong Encryption: Compatibility - Apache HTTP Server</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> <p class="apache">Apache HTTP Server Version 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -44,7 +47,7 @@ mapping tables are included here to give the equivalents used by mod_ssl.</p> <div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#configuration">Configuration Directives</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#variables">Environment Variables</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#customlog">Custom Log Functions</a></li> -</ul></div> +</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> <h2><a name="configuration" id="configuration">Configuration Directives</a></h2> @@ -216,7 +219,28 @@ are listed in <a href="#table3">Table 3</a>.</p> <div class="bottomlang"> <p><span>Available Languages: </span><a href="../en/ssl/ssl_compat.html" title="English"> en </a> | <a href="../fr/ssl/ssl_compat.html" hreflang="fr" rel="alternate" title="Français"> fr </a></p> -</div><div id="footer"> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/ssl/ssl_compat.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/ssl_compat.html.fr b/docs/manual/ssl/ssl_compat.html.fr index c4856b16..ef3ef139 100644 --- a/docs/manual/ssl/ssl_compat.html.fr +++ b/docs/manual/ssl/ssl_compat.html.fr @@ -8,10 +8,13 @@ <title>Chiffrement fort SSL/TLS : Compatibilité - Serveur Apache HTTP</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> <p class="apache">Serveur Apache HTTP Version 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -46,7 +49,7 @@ de termes utilisés par mod_ssl.</p> <div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#configuration">Directives de configuration</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#variables">Variables d'environnement</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#customlog">Fonctions de personnalisation des journaux</a></li> -</ul></div> +</ul><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> <h2><a name="configuration" id="configuration">Directives de configuration</a></h2> @@ -225,7 +228,28 @@ actuellement implémentés sont énumérés dans le <div class="bottomlang"> <p><span>Langues Disponibles: </span><a href="../en/ssl/ssl_compat.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../fr/ssl/ssl_compat.html" title="Français"> fr </a></p> -</div><div id="footer"> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/ssl/ssl_compat.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/ssl_faq.html.en b/docs/manual/ssl/ssl_faq.html.en index 9cf6298f..6941209c 100644 --- a/docs/manual/ssl/ssl_faq.html.en +++ b/docs/manual/ssl/ssl_faq.html.en @@ -8,10 +8,13 @@ <title>SSL/TLS Strong Encryption: FAQ - Apache HTTP Server</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> <p class="apache">Apache HTTP Server Version 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -34,7 +37,7 @@ he poses the right questions.</p> <li><img alt="" src="../images/down.gif" /> <a href="#aboutcerts">Certificates</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#aboutssl">The SSL Protocol</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#support">mod_ssl Support</a></li> -</ul></div> +</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> <h2><a name="installation" id="installation">Installation</a></h2> @@ -173,11 +176,12 @@ relative hyperlinks?</a></li> fully-qualified hyperlinks (because you have to change the URL scheme). Using <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> however, you can manipulate relative hyperlinks, to achieve the same effect.</p> - <div class="example"><p><code> - RewriteEngine on<br /> - RewriteRule ^/(.*)_SSL$ https://%{SERVER_NAME}/$1 [R,L]<br /> - RewriteRule ^/(.*)_NOSSL$ http://%{SERVER_NAME}/$1 [R,L] - </code></p></div> + <pre class="prettyprint lang-config"> +RewriteEngine on +RewriteRule ^/(.*)_SSL$ https://%{SERVER_NAME}/$1 [R,L] +RewriteRule ^/(.*)_NOSSL$ http://%{SERVER_NAME}/$1 [R,L] + </pre> + <p>This rewrite ruleset lets you use hyperlinks of the form <code><a href="document.html_SSL"></code>, to switch to HTTPS @@ -253,10 +257,11 @@ Certificate for testing purposes?</a></h3> -keyout server.key</strong></code><br /> These can be used as follows in your <code>httpd.conf</code> file: - <pre> - SSLCertificateFile /path/to/this/server.crt - SSLCertificateKeyFile /path/to/this/server.key + <pre class="prettyprint lang-config"> +SSLCertificateFile /path/to/this/server.crt +SSLCertificateKeyFile /path/to/this/server.key </pre> + </li> <li>It is important that you are aware that this <code>server.key</code> does <em>not</em> have any passphrase. @@ -333,10 +338,11 @@ Certificate for testing purposes?</a></h3> <li>You should now have two files: <code>server.key</code> and <code>server.crt</code>. These can be used as follows in your <code>httpd.conf</code> file: - <pre> - SSLCertificateFile /path/to/this/server.crt - SSLCertificateKeyFile /path/to/this/server.key + <pre class="prettyprint lang-config"> +SSLCertificateFile /path/to/this/server.crt +SSLCertificateKeyFile /path/to/this/server.key </pre> + The <code>server.csr</code> file is no longer needed. </li> @@ -603,9 +609,9 @@ error when connecting to my newly installed server?</a></h3> handshake is finished, but the information is needed in order to complete the SSL handshake phase. See the next question for how to circumvent this issue.</p> - + <p>Note that if you have a wildcard SSL certificate, or a - certificate that has multple hostnames on it using subjectAltName + certificate that has multiple hostnames on it using subjectAltName fields, you can use SSL on name-based virtual hosts without further workarounds.</p> @@ -624,7 +630,7 @@ Virtual Hosting to identify different SSL virtual hosts?</a></h3> specification added, called Server Name Indication (SNI).</p> <p>Note that if you have a wildcard SSL certificate, or a - certificate that has multple hostnames on it using subjectAltName + certificate that has multiple hostnames on it using subjectAltName fields, you can use SSL on name-based virtual hosts without further workarounds.</p> @@ -648,9 +654,10 @@ Virtual Hosting to identify different SSL virtual hosts?</a></h3> you must make sure to put the non-SSL port number on the NameVirtualHost directive, e.g.</p> - <div class="example"><p><code> + <pre class="prettyprint lang-config"> NameVirtualHost 192.168.1.1:80 - </code></p></div> + </pre> + <p>Other workaround solutions include: </p> @@ -666,7 +673,7 @@ a negotiable standard compression method. <p>OpenSSL 0.9.8 started to support this by default when compiled with the <code>zlib</code> option. If both the client and the server support compression, it will be used. However, most clients still try to initially connect with an -SSLv2 Hello. As SSLv2 did not include an array of prefered compression algorithms +SSLv2 Hello. As SSLv2 did not include an array of preferred compression algorithms in its handshake, compression cannot be negotiated with these clients. If the client disables support for SSLv2, either an SSLv3 or TLS Hello may be sent, depending on which SSL library is used, and compression may @@ -700,11 +707,12 @@ Explorer (MSIE)?</a></h3> keep-alive connections or send the SSL close notify messages to MSIE clients. This can be done by using the following directive in your SSL-aware virtual host section:</p> - <div class="example"><p><code> - SetEnvIf User-Agent "MSIE [2-5]" \<br /> - nokeepalive ssl-unclean-shutdown \<br /> - downgrade-1.0 force-response-1.0 - </code></p></div> + <pre class="prettyprint lang-config"> +SetEnvIf User-Agent "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + </pre> + <p>Further, some MSIE versions have problems with particular ciphers. Unfortunately, it is not possible to implement a MSIE-specific workaround for this, because the ciphers are needed as early as the @@ -851,7 +859,28 @@ the reason for my core dump?</a></h3> <div class="bottomlang"> <p><span>Available Languages: </span><a href="../en/ssl/ssl_faq.html" title="English"> en </a> | <a href="../fr/ssl/ssl_faq.html" hreflang="fr" rel="alternate" title="Français"> fr </a></p> -</div><div id="footer"> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/ssl/ssl_faq.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/ssl_faq.html.fr b/docs/manual/ssl/ssl_faq.html.fr index e998f628..a95980e3 100644 --- a/docs/manual/ssl/ssl_faq.html.fr +++ b/docs/manual/ssl/ssl_faq.html.fr @@ -8,10 +8,13 @@ <title>Chiffrement SSL/TLS fort: foire aux questions - Serveur Apache HTTP</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> <p class="apache">Serveur Apache HTTP Version 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -21,6 +24,8 @@ <p><span>Langues Disponibles: </span><a href="../en/ssl/ssl_faq.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../fr/ssl/ssl_faq.html" title="Français"> fr </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <blockquote> <p>Le sage n'apporte pas de bonnes réponses, il pose les bonnes questions</p> @@ -33,7 +38,7 @@ <li><img alt="" src="../images/down.gif" /> <a href="#aboutcerts">Certificats</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#aboutssl">Le protocole SSL</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#support">Support de mod_ssl</a></li> -</ul></div> +</ul><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> <h2><a name="installation" id="installation">Installation</a></h2> @@ -184,11 +189,12 @@ HTTPS dans les hyperliens relatifs ?</a></h3> hyperliens pleinement qualifiés (car vous devez modifier le schéma de l'URL). Cependant, à l'aide du module <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>, vous pouvez manipuler des hyperliens relatifs, pour obtenir le même effet.</p> - <div class="example"><p><code> - RewriteEngine on<br /> - RewriteRule ^/(.*)_SSL$ https://%{SERVER_NAME}/$1 [R,L]<br /> - RewriteRule ^/(.*)_NOSSL$ http://%{SERVER_NAME}/$1 [R,L] - </code></p></div> + <pre class="prettyprint lang-config"> +RewriteEngine on +RewriteRule ^/(.*)_SSL$ https://%{SERVER_NAME}/$1 [R,L] +RewriteRule ^/(.*)_NOSSL$ http://%{SERVER_NAME}/$1 [R,L] + </pre> + <p>Ce jeu de règles rewrite vous permet d'utiliser des hyperliens de la forme <code><a href="document.html_SSL"></code> pour passer en HTTPS @@ -267,10 +273,11 @@ fins de test ?</a></h3> -keyout server.key</strong></code><br /> Ces fichiers seront utilisés comme suit dans votre <code>httpd.conf</code> : - <pre> - SSLCertificateFile /chemin/vers/server.crt - SSLCertificateKeyFile /chemin/vers/server.key - </pre> + <pre class="prettyprint lang-config"> +SSLCertificateFile /path/to/this/server.crt +SSLCertificateKeyFile /path/to/this/server.key + </pre> + </li> <li>Il est important de savoir que le fichier <code>server.key</code> n'a <em>pas</em> de mot de passe. Pour ajouter un mot de passe à la clé, vous @@ -350,10 +357,11 @@ fins de test ?</a></h3> <li>Vous devez maintenant disposer de deux fichiers : <code>server.key</code> et <code>server.crt</code>. Ils sont précisés dans votre fichier <code>httpd.conf</code> comme suit : - <pre> - SSLCertificateFile /chemin/vers/server.crt - SSLCertificateKeyFile /chemin vers/server.key + <pre class="prettyprint lang-config"> +SSLCertificateFile /path/to/this/server.crt +SSLCertificateKeyFile /path/to/this/server.key </pre> + Le fichier <code>server.csr</code> n'est plus nécessaire. </li> @@ -640,7 +648,7 @@ l'oeuf ou de la poule. La couche du protocole SSL se trouve en dessous de la couche de protocole HTTP qu'elle encapsule. Lors de l'établissement d'une connexion SSL (HTTPS), Apache/mod_ssl doit négocier les paramètres du protocole SSL avec le client. Pour cela, mod_ssl doit consulter la -configuration du serveur virtuel (par exemple, il doit accéder à la la suite +configuration du serveur virtuel (par exemple, il doit accéder à la suite d'algorithmes de chiffrement, au certificat du serveur, etc...). Mais afin de sélectionner le bon serveur virtuel, Apache doit connaître le contenu du champ d'en-tête HTTP <code>Host</code>. Pour cela, il doit lire l'en-tête de la @@ -677,7 +685,7 @@ pour différencier plusieurs hôtes virtuels ?</a></h3> <p>Notez que si votre certificat comporte un nom de serveur avec caractères génériques, ou des noms de serveurs multiples dans le champ subjectAltName, vous pouvez utiliser SSL avec les serveurs - virtuels à base de noms sans avoir à contourner ce problème.</p> + virtuels à base de noms sans avoir à contourner ce problème.</p> <p>La raison en est que le protocole SSL constitue une couche séparée qui encapsule le protocole HTTP. Aini, la session SSL nécessite une @@ -701,9 +709,10 @@ pour différencier plusieurs hôtes virtuels ?</a></h3> (sur le port 443). Mais dans ce cas, vous devez définir le numéro de port non-SSL à l'aide de la directive NameVirtualHost dans ce style :</p> - <div class="example"><p><code> + <pre class="prettyprint lang-config"> NameVirtualHost 192.168.1.1:80 - </code></p></div> + </pre> + <p>il existe d'autres solutions alternatives comme :</p> @@ -760,11 +769,12 @@ versions de MSIE. Vous pouvez contourner ces problèmes en interdisant ou l'envoi de messages de notification de fermeture de session SSL aux clients MSIE. Pour cela, vous pouvez utiliser la directive suivante dans votre section d'hôte virtuel avec support SSL :</p> - <div class="example"><p><code> - SetEnvIf User-Agent "MSIE [2-5]" \<br /> - nokeepalive ssl-unclean-shutdown \<br /> - downgrade-1.0 force-response-1.0 - </code></p></div> + <pre class="prettyprint lang-config"> +SetEnvIf User-Agent "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + </pre> + <p>En outre, certaines versions de MSIE ont des problèmes avec des algorithmes de chiffrement particuliers. Hélas, il n'est pas possible d'apporter une solution spécifique à MSIE pour ces @@ -943,7 +953,28 @@ d'obtenir une journalisation des évènements (backtrace) :</p> <div class="bottomlang"> <p><span>Langues Disponibles: </span><a href="../en/ssl/ssl_faq.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../fr/ssl/ssl_faq.html" title="Français"> fr </a></p> -</div><div id="footer"> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/ssl/ssl_faq.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/ssl_howto.html.en b/docs/manual/ssl/ssl_howto.html.en index 8360f179..9cf612cb 100644 --- a/docs/manual/ssl/ssl_howto.html.en +++ b/docs/manual/ssl/ssl_howto.html.en @@ -8,10 +8,13 @@ <title>SSL/TLS Strong Encryption: How-To - Apache HTTP Server</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> <p class="apache">Apache HTTP Server Version 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -32,26 +35,25 @@ before progressing to the advanced techniques.</p> <li><img alt="" src="../images/down.gif" /> <a href="#ciphersuites">Cipher Suites and Enforcing Strong Security</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#accesscontrol">Client Authentication and Access Control</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#logging">Logging</a></li> -</ul></div> +</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> <h2><a name="configexample" id="configexample">Basic Configuration Example</a></h2> -<p>Your SSL configuration will need to contain, at a minumum, the +<p>Your SSL configuration will need to contain, at minimum, the following directives.</p> -<div class="example"><p><code> - Listen 443<br /> - <VirtualHost *:443><br /> - <span class="indent"> - ServerName www.example.com<br /> - SSLEngine on<br /> - SSLCertificateFile /path/to/www.example.com.cert<br /> - SSLCertificateKeyFile /path/to/www.example.com.key<br /> - </span> - </VirtualHost> -</code></p></div> +<pre class="prettyprint lang-config"> +Listen 443 +<VirtualHost *:443> + ServerName www.example.com + SSLEngine on + SSLCertificateFile /path/to/www.example.com.cert + SSLCertificateKeyFile /path/to/www.example.com.key +</VirtualHost> +</pre> + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> @@ -67,18 +69,20 @@ requires a strong cipher for access to a particular URL?</a></li> only?</a></h3> <p>The following enables only the strongest ciphers:</p> - <div class="example"><h3>httpd.conf</h3><p><code> - SSLCipherSuite HIGH:!aNULL:!MD5<br /> - </code></p></div> + <pre class="prettyprint lang-config"> + SSLCipherSuite HIGH:!aNULL:!MD5 + </pre> + <p>While with the following configuration you specify a preference for specific speed-optimized ciphers (which will be selected by mod_ssl, provided that they are supported by the client):</p> - <div class="example"><h3>httpd.conf</h3><p><code> - SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5<br /> - SSLHonorCipherOrder on - </code></p></div> + <pre class="prettyprint lang-config"> +SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5 +SSLHonorCipherOrder on + </pre> + <h3><a name="strongurl" id="strongurl">How can I create an SSL server which accepts all types of ciphers @@ -91,16 +95,17 @@ URL?</a></h3> blocks, to give a per-directory solution, and can automatically force a renegotiation of the SSL parameters to meet the new configuration. This can be done as follows:</p> - <div class="example"><p><code> - # be liberal in general<br /> - SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<br /> - <br /> - <Location /strong/area><br /> - # but https://hostname/strong/area/ and below<br /> - # requires strong ciphers<br /> - SSLCipherSuite HIGH:!aNULL:!MD5<br /> - </Location> - </code></p></div> + <pre class="prettyprint lang-config"> +# be liberal in general +SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL + +<Location /strong/area> +# but https://hostname/strong/area/ and below +# requires strong ciphers +SSLCipherSuite HIGH:!aNULL:!MD5 +</Location> + </pre> + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> @@ -125,13 +130,14 @@ Intranet website, for clients coming from the Internet?</a></li> need to do is to create client certificates signed by your own CA certificate (<code>ca.crt</code>) and then verify the clients against this certificate.</p> - <div class="example"><h3>httpd.conf</h3><p><code> - # require a client certificate which has to be directly<br /> - # signed by our CA certificate in ca.crt<br /> - SSLVerifyClient require<br /> - SSLVerifyDepth 1<br /> - SSLCACertificateFile conf/ssl.crt/ca.crt - </code></p></div> + <pre class="prettyprint lang-config"> +# require a client certificate which has to be directly +# signed by our CA certificate in ca.crt +SSLVerifyClient require +SSLVerifyDepth 1 +SSLCACertificateFile conf/ssl.crt/ca.crt + </pre> + <h3><a name="arbitraryclients" id="arbitraryclients">How can I force clients to authenticate using certificates for a @@ -142,15 +148,16 @@ Intranet website, for clients coming from the Internet?</a></li> you can use the per-directory reconfiguration features of <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>:</p> - <div class="example"><h3>httpd.conf</h3><p><code> - SSLVerifyClient none<br /> - SSLCACertificateFile conf/ssl.crt/ca.crt<br /> - <br /> - <Location /secure/area><br /> - SSLVerifyClient require<br /> - SSLVerifyDepth 1<br /> - </Location><br /> - </code></p></div> + <pre class="prettyprint lang-config"> +SSLVerifyClient none +SSLCACertificateFile conf/ssl.crt/ca.crt + +<Location /secure/area> +SSLVerifyClient require +SSLVerifyDepth 1 +</Location> + </pre> + <h3><a name="certauthenticate" id="certauthenticate">How can I allow only clients who have certificates to access a @@ -169,22 +176,24 @@ Intranet website, for clients coming from the Internet?</a></li> you should establish a password database containing <em>all</em> clients allowed, as follows:</p> - <div class="example"><h3>httpd.conf</h3><pre> + <pre class="prettyprint lang-config"> SSLVerifyClient none -<Directory /usr/local/apache2/htdocs/secure/area> - -SSLVerifyClient require -SSLVerifyDepth 5 SSLCACertificateFile conf/ssl.crt/ca.crt SSLCACertificatePath conf/ssl.crt -SSLOptions +FakeBasicAuth -SSLRequireSSL -AuthName "Snake Oil Authentication" -AuthType Basic -AuthBasicProvider file -AuthUserFile /usr/local/apache2/conf/httpd.passwd -Require valid-user -</Directory></pre></div> + +<Directory /usr/local/apache2/htdocs/secure/area> + SSLVerifyClient require + SSLVerifyDepth 5 + SSLOptions +FakeBasicAuth + SSLRequireSSL + AuthName "Snake Oil Authentication" + AuthType Basic + AuthBasicProvider file + AuthUserFile /usr/local/apache2/conf/httpd.passwd + Require valid-user +</Directory> + </pre> + <p>The password used in this example is the DES encrypted string "password". See the <code class="directive"><a href="../mod/mod_ssl.html#ssloptions">SSLOptions</a></code> docs for more @@ -199,19 +208,21 @@ Require valid-user into the DN, you can match them more easily using <code class="directive"><a href="../mod/mod_ssl.html#sslrequire">SSLRequire</a></code>, as follows:</p> - <div class="example"><h3>httpd.conf</h3><pre> + <pre class="prettyprint lang-config"> SSLVerifyClient none -<Directory /usr/local/apache2/htdocs/secure/area> +SSLCACertificateFile conf/ssl.crt/ca.crt +SSLCACertificatePath conf/ssl.crt +<Directory /usr/local/apache2/htdocs/secure/area> SSLVerifyClient require SSLVerifyDepth 5 - SSLCACertificateFile conf/ssl.crt/ca.crt - SSLCACertificatePath conf/ssl.crt SSLOptions +FakeBasicAuth SSLRequireSSL SSLRequire %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} -</Directory></pre></div> +</Directory> + </pre> + <h3><a name="intranet" id="intranet">How can I require HTTPS with strong ciphers, and either basic @@ -226,49 +237,51 @@ plain HTTP access for clients on the Intranet.</a></h3> This configuration should remain outside of your HTTPS virtual host, so that it applies to both HTTPS and HTTP.</p> - <div class="example"><h3>httpd.conf</h3><pre> + <pre class="prettyprint lang-config"> SSLCACertificateFile conf/ssl.crt/company-ca.crt <Directory /usr/local/apache2/htdocs> -# Outside the subarea only Intranet access is granted -Order deny,allow -Deny from all -Allow from 192.168.1.0/24 + # Outside the subarea only Intranet access is granted + Order deny,allow + Deny from all + Allow from 192.168.1.0/24 </Directory> <Directory /usr/local/apache2/htdocs/subarea> -# Inside the subarea any Intranet access is allowed -# but from the Internet only HTTPS + Strong-Cipher + Password -# or the alternative HTTPS + Strong-Cipher + Client-Certificate - -# If HTTPS is used, make sure a strong cipher is used. -# Additionally allow client certs as alternative to basic auth. -SSLVerifyClient optional -SSLVerifyDepth 1 -SSLOptions +FakeBasicAuth +StrictRequire -SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 - -# Force clients from the Internet to use HTTPS -RewriteEngine on -RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$ -RewriteCond %{HTTPS} !=on -RewriteRule . - [F] - -# Allow Network Access and/or Basic Auth -Satisfy any - -# Network Access Control -Order deny,allow -Deny from all -Allow 192.168.1.0/24 - -# HTTP Basic Authentication -AuthType basic -AuthName "Protected Intranet Area" -AuthBasicProvider file -AuthUserFile conf/protected.passwd -Require valid-user -</Directory></pre></div> + # Inside the subarea any Intranet access is allowed + # but from the Internet only HTTPS + Strong-Cipher + Password + # or the alternative HTTPS + Strong-Cipher + Client-Certificate + + # If HTTPS is used, make sure a strong cipher is used. + # Additionally allow client certs as alternative to basic auth. + SSLVerifyClient optional + SSLVerifyDepth 1 + SSLOptions +FakeBasicAuth +StrictRequire + SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 + + # Force clients from the Internet to use HTTPS + RewriteEngine on + RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$ + RewriteCond %{HTTPS} !=on + RewriteRule . - [F] + + # Allow Network Access and/or Basic Auth + Satisfy any + + # Network Access Control + Order deny,allow + Deny from all + Allow 192.168.1.0/24 + + # HTTP Basic Authentication + AuthType basic + AuthName "Protected Intranet Area" + AuthBasicProvider file + AuthUserFile conf/protected.passwd + Require valid-user +</Directory> + </pre> + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> @@ -285,7 +298,28 @@ Require valid-user <div class="bottomlang"> <p><span>Available Languages: </span><a href="../en/ssl/ssl_howto.html" title="English"> en </a> | <a href="../fr/ssl/ssl_howto.html" hreflang="fr" rel="alternate" title="Français"> fr </a></p> -</div><div id="footer"> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/ssl_howto.html.fr b/docs/manual/ssl/ssl_howto.html.fr index 64ce059a..9a5e569b 100644 --- a/docs/manual/ssl/ssl_howto.html.fr +++ b/docs/manual/ssl/ssl_howto.html.fr @@ -8,10 +8,13 @@ <title>Chiffrement fort SSL/TLS : Mode d'emploi - Serveur Apache HTTP</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> <p class="apache">Serveur Apache HTTP Version 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -37,7 +40,7 @@ chiffrement en général, mais exige un chiffrement fort pour pouvoir accéder à une URL particulière ?</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#accesscontrol">Authentification du client et contrôle d'accès</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#logging">Journalisation</a></li> -</ul></div> +</ul><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> <h2><a name="configexample" id="configexample">Exemple de configuration basique</a></h2> @@ -46,17 +49,16 @@ accéder à une URL particulière ?</a></li> <p>Votre configuration SSL doit comporter au moins les directives suivantes :</p> -<div class="example"><p><code> - Listen 443 - <VirtualHost *:443><br /> - <span class="indent"> - ServerName www.example.com<br /> - SSLEngine on<br /> - SSLCertificateFile /chemin/vers/www.example.com.cert<br /> - SSLCertificateKeyFile /chemin/vers/www.example.com.key<br /> - </span> - </VirtualHost> -</code></p></div> +<pre class="prettyprint lang-config"> +Listen 443 +<VirtualHost *:443> + ServerName www.example.com + SSLEngine on + SSLCertificateFile /path/to/www.example.com.cert + SSLCertificateKeyFile /path/to/www.example.com.key +</VirtualHost> +</pre> + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> @@ -77,9 +79,10 @@ que le chiffrement fort ?</a></h3> <p>Les directives suivantes ne permettent que les chiffrements de plus haut niveau :</p> - <div class="example"><h3>httpd.conf</h3><p><code> - SSLCipherSuite HIGH:!aNULL:!MD5<br /> - </code></p></div> + <pre class="prettyprint lang-config"> + SSLCipherSuite HIGH:!aNULL:!MD5 + </pre> + @@ -88,10 +91,11 @@ que le chiffrement fort ?</a></h3> rapidité (le choix final sera opéré par mod_ssl, dans la mesure ou le client les supporte) :</p> - <div class="example"><h3>httpd.conf</h3><p><code> - SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5<br /> - SSLHonorCipherOrder on - </code></p></div> + <pre class="prettyprint lang-config"> +SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5 +SSLHonorCipherOrder on + </pre> + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> <h2><a name="strongurl" id="strongurl">Comment créer un serveur qui accepte tous les types de @@ -106,16 +110,17 @@ accéder à une URL particulière ?</a></h2> <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> peut alors forcer automatiquement une renégociation des paramètres SSL pour parvenir au but recherché. Cette configuration peut se présenter comme suit :</p> - <div class="example"><p><code> - # soyons très tolérant a priori<br /> - SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<br /> - <br /> - <Location /strong/area><br /> - # sauf pour https://hostname/strong/area/ et ses sous-répertoires<br /> - # qui exigent des chiffrements forts<br /> - SSLCipherSuite HIGH:!aNULL:!MD5<br /> - </Location> - </code></p></div> + <pre class="prettyprint lang-config"> +# soyons très tolérant a priori +SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL + +<Location /strong/area> +# sauf pour https://hostname/strong/area/ et ses sous-répertoires +# qui exigent des chiffrements forts +SSLCipherSuite HIGH:!aNULL:!MD5 +</Location> + </pre> + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> <h2><a name="accesscontrol" id="accesscontrol">Authentification du client et contrôle d'accès</a></h2> @@ -148,13 +153,14 @@ provenance de l'Internet ?</a></li> le certificat de votre propre autorité de certification (<code>ca.crt</code>), et d'authentifier les clients à l'aide de ces certificats.</p> - <div class="example"><h3>httpd.conf</h3><p><code> - # exige un certificat client signé par le certificat de votre CA<br /> - # contenu dans ca.crt<br /> - SSLVerifyClient require<br /> - SSLVerifyDepth 1<br /> - SSLCACertificateFile conf/ssl.crt/ca.crt - </code></p></div> + <pre class="prettyprint lang-config"> +# exige un certificat client signé par le certificat de votre CA +# contenu dans ca.crt +SSLVerifyClient require +SSLVerifyDepth 1 +SSLCACertificateFile conf/ssl.crt/ca.crt + </pre> + <h3><a name="arbitraryclients" id="arbitraryclients">Comment forcer les clients @@ -167,15 +173,16 @@ mais autoriser quand-même tout client anonyme URL particulière, vous pouvez utiliser les fonctionnalités de reconfiguration de <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> en fonction du répertoire :</p> - <div class="example"><h3>httpd.conf</h3><p><code> - SSLVerifyClient none<br /> - SSLCACertificateFile conf/ssl.crt/ca.crt<br /> - <br /> - <Location /secure/area><br /> - SSLVerifyClient require<br /> - SSLVerifyDepth 1<br /> - </Location><br /> - </code></p></div> + <pre class="prettyprint lang-config"> +SSLVerifyClient none +SSLCACertificateFile conf/ssl.crt/ca.crt + +<Location /secure/area> +SSLVerifyClient require +SSLVerifyDepth 1 +</Location> + </pre> + <h3><a name="certauthenticate" id="certauthenticate">Comment n'autoriser l'accès à une URL @@ -197,22 +204,25 @@ l'accès au reste du serveur à tous les clients ?</a></h3> de données de mots de passe contenant <em>tous</em> les clients autorisés, comme suit :</p> - <div class="example"><h3>httpd.conf</h3><pre> + <pre class="prettyprint lang-config"> SSLVerifyClient none -<Directory /usr/local/apache2/htdocs/secure/area> - -SSLVerifyClient require -SSLVerifyDepth 5 SSLCACertificateFile conf/ssl.crt/ca.crt SSLCACertificatePath conf/ssl.crt -SSLOptions +FakeBasicAuth -SSLRequireSSL -AuthName "Snake Oil Authentication" -AuthType Basic -AuthBasicProvider file -AuthUserFile /usr/local/apache2/conf/httpd.passwd -Require valid-user -</Directory></pre></div> + +<Directory /usr/local/apache2/htdocs/secure/area> +SSLVerifyClient require + SSLVerifyDepth 5 + SSLOptions +FakeBasicAuth + SSLRequireSSL + AuthName "Snake Oil Authentication" + AuthType Basic + AuthBasicProvider file + AuthUserFile /usr/local/apache2/conf/httpd.passwd + Require valid-user +</Directory> + </pre> + + <p>Le mot de passe utilisé dans cet exemple correspond à la chaîne de caractères "password" chiffrée en DES. Voir la documentation de la @@ -229,19 +239,21 @@ Require valid-user utilisant la directive <code class="directive"><a href="../mod/mod_ssl.html#sslrequire">SSLRequire</a></code>, comme suit :</p> - <div class="example"><h3>httpd.conf</h3><pre> + <pre class="prettyprint lang-config"> SSLVerifyClient none -<Directory /usr/local/apache2/htdocs/secure/area> +SSLCACertificateFile conf/ssl.crt/ca.crt +SSLCACertificatePath conf/ssl.crt +<Directory /usr/local/apache2/htdocs/secure/area> SSLVerifyClient require SSLVerifyDepth 5 - SSLCACertificateFile conf/ssl.crt/ca.crt - SSLCACertificatePath conf/ssl.crt SSLOptions +FakeBasicAuth SSLRequireSSL SSLRequire %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} -</Directory></pre></div> +</Directory> + </pre> + <h3><a name="intranet" id="intranet">Comment imposer HTTPS avec chiffrements forts, @@ -258,51 +270,53 @@ aux clients de l'intranet.</a></h3> doivent se trouver en dehors de votre hôte virtuel HTTPS, afin qu'elles s'appliquent à la fois à HTTP et HTTPS.</p> - <div class="example"><h3>httpd.conf</h3><pre> + <pre class="prettyprint lang-config"> SSLCACertificateFile conf/ssl.crt/company-ca.crt <Directory /usr/local/apache2/htdocs> -# En dehors de subarea, seul l'accès depuis l'intranet est autorisé -Order deny,allow -Deny from all -Allow from 192.168.1.0/24 +# En dehors de subarea, seul l'accès depuis l'intranet est +# autorisé + Order deny,allow + Deny from all + Allow from 192.168.1.0/24 </Directory> <Directory /usr/local/apache2/htdocs/subarea> # Dans subarea, tout accès depuis l'intranet est autorisé -# mais depuis l'Internet, seul l'accès par HTTPS + chiffrement fort - + Mot de passe +# mais depuis l'Internet, seul l'accès par HTTPS + chiffrement fort + Mot de passe # ou HTTPS + chiffrement fort + certificat client n'est autorisé. # Si HTTPS est utilisé, on s'assure que le niveau de chiffrement est fort. # Autorise en plus les certificats clients comme une alternative à # l'authentification basique. -SSLVerifyClient optional -SSLVerifyDepth 1 -SSLOptions +FakeBasicAuth +StrictRequire -SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 - -# ON oblige les clients venant d'Internet à utiliser HTTPS -RewriteEngine on -RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$ -RewriteCond %{HTTPS} !=on -RewriteRule . - [F] - -# On permet l'accès soit sur les critères réseaux, soit par authentification Basique -Satisfy any - -# Contrôle d'accès réseau -Order deny,allow -Deny from all -Allow 192.168.1.0/24 - -# Configuration de l'authentification HTTP Basique -AuthType basic -AuthName "Protected Intranet Area" -AuthBasicProvider file -AuthUserFile conf/protected.passwd -Require valid-user -</Directory></pre></div> + SSLVerifyClient optional + SSLVerifyDepth 1 + SSLOptions +FakeBasicAuth +StrictRequire + SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 + + # ON oblige les clients venant d'Internet à utiliser HTTPS + RewriteEngine on + RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$ + RewriteCond %{HTTPS} !=on + RewriteRule . - [F] + + # On permet l'accès soit sur les critères réseaux, soit par authentification Basique + Satisfy any + + # Contrôle d'accès réseau + Order deny,allow + Deny from all + Allow 192.168.1.0/24 + + # Configuration de l'authentification HTTP Basique + AuthType basic + AuthName "Protected Intranet Area" + AuthBasicProvider file + AuthUserFile conf/protected.passwd + Require valid-user +</Directory> + </pre> + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> @@ -321,7 +335,28 @@ Require valid-user <div class="bottomlang"> <p><span>Langues Disponibles: </span><a href="../en/ssl/ssl_howto.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../fr/ssl/ssl_howto.html" title="Français"> fr </a></p> -</div><div id="footer"> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/ssl_intro.html.en b/docs/manual/ssl/ssl_intro.html.en index 404a4413..9336c4d8 100644 --- a/docs/manual/ssl/ssl_intro.html.en +++ b/docs/manual/ssl/ssl_intro.html.en @@ -8,10 +8,13 @@ <title>SSL/TLS Strong Encryption: An Introduction - Apache HTTP Server</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> <p class="apache">Apache HTTP Server Version 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -23,14 +26,6 @@ <a href="../ja/ssl/ssl_intro.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p> </div> -<blockquote> -<p>The nice thing about standards is that there are so many to choose -from. And if you really don't like all the standards you just have to -wait another year until the one arises you are looking for.</p> - -<p class="cite">-- <cite>A. Tanenbaum</cite>, "Introduction to -Computer Networks"</p> -</blockquote> <p>As an introduction this chapter is aimed at readers who are familiar with the Web, HTTP, and Apache, but are not security experts. It is not @@ -39,21 +34,12 @@ specific techniques for managing certificates in an organization, or the important legal issues of patents and import and export restrictions. Rather, it is intended to provide a common background to <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> users by pulling together various concepts, definitions, and examples as a starting point for further exploration.</p> - -<p>The presented content is mainly derived, with the author's permission, -from the article <a href="http://home.comcast.net/~fjhirsch/Papers/wwwj/">Introducing -SSL and Certificates using SSLeay</a> by <a href="http://home.comcast.net/~fjhirsch/">Frederick J. Hirsch</a>, of The -Open Group Research Institute, which was published in <a href="http://www.ora.com/catalog/wjsum97/">Web Security: A Matter of -Trust</a>, World Wide Web Journal, Volume 2, Issue 3, Summer 1997. -Please send any positive feedback to <a href="mailto:hirsch@fjhirsch.com">Frederick Hirsch</a> (the original -article author) and all negative feedback to <a href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> (the -<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> author).</p> </div> <div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#cryptographictech">Cryptographic Techniques</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#certificates">Certificates</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#ssl">Secure Sockets Layer (SSL)</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#references">References</a></li> -</ul></div> +</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> <h2><a name="cryptographictech" id="cryptographictech">Cryptographic Techniques</a></h2> @@ -255,7 +241,7 @@ certificates are used for authentication.</p> as <code>*.snakeoil.com</code>.</p> <p>The binary format of a certificate is defined using the ASN.1 - notation [<a href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>]. This + notation [<a href="#ASN1">ASN1</a>] [<a href="#PKCS">PKCS</a>]. This notation defines how to specify the contents and encoding rules define how this information is translated into binary form. The binary encoding of the certificate is defined using Distinguished Encoding @@ -396,7 +382,7 @@ establishing a protocol session.</p> <th>Description</th> <th>Browser Support</th></tr> <tr><td>SSL v2.0</td> - <td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2">SSL2</a>]</td> + <td>Vendor Standard (from Netscape Corp.)</td> <td>First SSL protocol for which implementations exist</td> <td>- NS Navigator 1.x/2.x<br /> - MS IE 3.x<br /> @@ -414,6 +400,16 @@ establishing a protocol session.</p> padding for block ciphers, message order standardization and more alert messages.</td> <td>- Lynx/2.8+OpenSSL</td></tr> + <tr><td>TLS v1.1</td> + <td>Proposed Internet Standard (from IETF) [<a href="#TLS11">TLS11</a>]</td> + <td>Update of TLS 1.0 to add protection against Cipher block chaining + (CBC) attacks.</td> + <td>-</td></tr> + <tr><td>TLS v1.2</td> + <td>Proposed Internet Standard (from IETF) [<a href="#TLS12">TLS12</a>]</td> + <td>Update of TLS 1.2 deprecating MD5 as hash, and adding incompatibility + to SSL so it will never negotiate the use of SSLv2.</td> + <td>-</td></tr> </table> @@ -444,7 +440,7 @@ the Internet Engineering Task Force (IETF).</p> to start a session. To do this, the server assigns each SSL session a unique session identifier which is cached in the server and which the client can use in future connections to reduce the handshake time - (until the session identifer expires from the cache of the server).</p> + (until the session identifier expires from the cache of the server).</p> </div> <p class="figure"> @@ -611,14 +607,14 @@ the Internet Engineering Task Force (IETF).</p> 1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for various other materials by Bruce Schneier.</dd> -<dt><a id="X208" name="X208">[X208]</a></dt> +<dt><a id="ASN1" name="ASN1">[ASN1]</a></dt> <dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation -One (ASN.1)</q>, 1988. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I">http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I</a>. +One (ASN.1)</q>, last updated 2008. See <a href="http://www.itu.int/ITU-T/asn1/">http://www.itu.int/ITU-T/asn1/</a>. </dd> <dt><a id="X509" name="X509">[X509]</a></dt> <dd>ITU-T Recommendation X.509, <q>The Directory - Authentication -Framework</q>. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509">http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509</a>. +Framework</q>. For references, see <a href="http://en.wikipedia.org/wiki/X.509">http://en.wikipedia.org/wiki/X.509</a>. </dd> <dt><a id="PKCS" name="PKCS">[PKCS]</a></dt> @@ -628,10 +624,7 @@ RSA Laboratories Technical Notes, See <a href="http://www.rsasecurity.com/rsalab <dt><a id="MIME" name="MIME">[MIME]</a></dt> <dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</q>, RFC2045. -See for instance <a href="http://ietf.org/rfc/rfc2045.txt">http://ietf.org/rfc/rfc2045.txt</a>.</dd> - -<dt><a id="SSL2" name="SSL2">[SSL2]</a></dt> -<dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a href="http://www.netscape.com/eng/security/SSL_2.html">http://www.netscape.com/eng/security/SSL_2.html</a>.</dd> +See for instance <a href="http://tools.ietf.org/html/rfc2045">http://tools.ietf.org/html/rfc2045</a>.</dd> <dt><a id="SSL3" name="SSL3">[SSL3]</a></dt> <dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol @@ -640,13 +633,42 @@ Version 3.0</q>, 1996. See <a href="http://www.netscape.com/eng/ssl3/draft302.tx <dt><a id="TLS1" name="TLS1">[TLS1]</a></dt> <dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>, 1999. See <a href="http://ietf.org/rfc/rfc2246.txt">http://ietf.org/rfc/rfc2246.txt</a>.</dd> + +<dt><a id="TLS11" name="TLS11">[TLS11]</a></dt> +<dd><q>The TLS Protocol Version 1.1</q>, +2006. See <a href="http://tools.ietf.org/html/rfc4346">http://tools.ietf.org/html/rfc4346</a>.</dd> + +<dt><a id="TLS12" name="TLS12">[TLS12]</a></dt> +<dd><q>The TLS Protocol Version 1.2</q>, +2008. See <a href="http://tools.ietf.org/html/rfc5246">http://tools.ietf.org/html/rfc5246</a>.</dd> </dl> </div></div> <div class="bottomlang"> <p><span>Available Languages: </span><a href="../en/ssl/ssl_intro.html" title="English"> en </a> | <a href="../fr/ssl/ssl_intro.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | <a href="../ja/ssl/ssl_intro.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p> -</div><div id="footer"> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/ssl/ssl_intro.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/ssl_intro.html.fr b/docs/manual/ssl/ssl_intro.html.fr index 4795aa49..40fd31dc 100644 --- a/docs/manual/ssl/ssl_intro.html.fr +++ b/docs/manual/ssl/ssl_intro.html.fr @@ -8,10 +8,13 @@ <title>Chiffrement SSL/TLS fort : Introduction - Serveur Apache HTTP</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> <p class="apache">Serveur Apache HTTP Version 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -22,17 +25,7 @@ <a href="../fr/ssl/ssl_intro.html" title="Français"> fr </a> | <a href="../ja/ssl/ssl_intro.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p> </div> -<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version - anglaise pour les changements récents.</div> - -<blockquote> -<p>Ce qui est agréable avec les standards est d'avoir l'embarras du choix. Et -si certains standards ne vous conviennent pas vraiment, il vous suffit -d'attendre un an pour voir apparaître celui qui répondra à vos attentes.</p> -<p class="cite">-- <cite>A. Tanenbaum</cite>, "Introduction to -Computer Networks"</p> -</blockquote> <p>Ce chapitre en guise d'introduction est destiné aux lecteurs pour lesquels le Web, HTTP et Apache sont familiers, mais ne sont pas des experts en matière @@ -44,20 +37,12 @@ une base de travail pour les utilisateurs de <code class="module"><a href="../mo rassemblant différents concepts, définitions et exemples comme point de départ pour une exploration plus détaillée.</p> -<p>Le contenu s'inspire en grande partie, avec la permission de l'auteur, -de l'article <a href="http://home.comcast.net/~fjhirsch/Papers/wwwj/">Introducing -SSL and Certificates using SSLeay</a> de <a href="http://home.comcast.net/~fjhirsch/">Frederick J. Hirsch</a>, de -l'Open Group Research Institute, publié dans <a href="http://www.ora.com/catalog/wjsum97/">Web Security: A Matter of -Trust</a>, World Wide Web Journal, Volume 2, Issue 3, Summer 1997. Vous -pouvez envoyer toute remarque positive à <a href="mailto:hirsch@fjhirsch.com">Frederick Hirsch</a> (l'auteur de l'article -original) et toute remarque négative à <a href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> (l'auteur du module -<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>).</p> </div> <div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#cryptographictech">Techniques de chiffrement</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#certificates">Certificats</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#ssl">Couche Points d'Accès Sécurisés - Secure Sockets Layer (SSL)</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#references">Références</a></li> -</ul></div> +</ul><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> <h2><a name="cryptographictech" id="cryptographictech">Techniques de chiffrement</a></h2> @@ -275,7 +260,7 @@ on utilise les certificats à des fins d'authentification.</p> <code>*.snakeoil.com</code>.</p> <p>Le format binaire d'un certificat est défini en utilisant la - notation ASN.1 [<a href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>]. + notation ASN.1 [<a href="#ASN1">ASN1</a>] [<a href="#PKCS">PKCS</a>]. Cette notation definit la manière de spécifier les contenus, et les règles d'encodage définissent la manière dont ces information sont converties au format binaire. L'encodage binaire du certificat est défini par les Règles @@ -426,7 +411,7 @@ l'établissement de la session protocolaire.</p> <th>Description</th> <th>Navigateurs supportés</th></tr> <tr><td>SSL v2.0</td> - <td>Standard du fournisseur (de Netscape Corp.) [<a href="#SSL2">SSL2</a>]</td> + <td>Standard du fournisseur (de Netscape Corp.)</td> <td>Premier protocole SSL pour lequel il existe des implémentations</td> <td>- NS Navigator 1.x/2.x<br /> - MS IE 3.x<br /> @@ -445,6 +430,17 @@ l'établissement de la session protocolaire.</p> ajout du bourrage de bloc pour le chiffrement de bloc, standardisation de l'ordonnancement des messages et plus de messages d'alerte.</td> <td>- Lynx/2.8+OpenSSL</td></tr> + <tr><td>TLS v1.1</td> + <td>Standard proposé pour l'Internet (de l'IETF) [<a href="#TLS11">TLS11</a>]</td> + <td>Mise à jour de TLS 1.0 pour la protection contre les + attaques de type Cipher block chaining (CBC).</td> + <td>-</td></tr> + <tr><td>TLS v1.2</td> + <td>Standard proposé pour l'Internet (de l'IETF) [<a href="#TLS12">TLS12</a>]</td> + <td>Mise à jour de TLS 1.2 rendant les condensés MD5 obsolètes, + et introduisant une incompatibilité avec SSL ce qui interdit toute + négociation en vue d'une utilisation de SSLv2.</td> + <td>-</td></tr> </table> @@ -666,14 +662,14 @@ l'Internet Engineering Task Force (IETF).</p> 1996. Voir <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> pour diverses autres productions de Bruce Schneier.</dd> -<dt><a id="X208" name="X208">[X208]</a></dt> +<dt><a id="ASN1" name="ASN1">[ASN1]</a></dt> <dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation -One (ASN.1)</q>, 1988. Voir par exemple <a href="http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I">http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I</a>. +One (ASN.1)</q>, dernière mise à jour en 2008. Voir <a href="http://www.itu.int/ITU-T/asn1/">http://www.itu.int/ITU-T/asn1/</a>. </dd> <dt><a id="X509" name="X509">[X509]</a></dt> <dd>ITU-T Recommendation X.509, <q>The Directory - Authentication -Framework</q>. Voir par exemple <a href="http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509">http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509</a>. +Framework</q>. A titre de référence, voir <a href="http://en.wikipedia.org/wiki/X.509">http://en.wikipedia.org/wiki/X.509</a>. </dd> <dt><a id="PKCS" name="PKCS">[PKCS]</a></dt> @@ -683,10 +679,7 @@ RSA Laboratories Technical Notes, Voir <a href="http://www.rsasecurity.com/rsala <dt><a id="MIME" name="MIME">[MIME]</a></dt> <dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</q>, RFC2045. -Voir par exemple <a href="http://ietf.org/rfc/rfc2045.txt">http://ietf.org/rfc/rfc2045.txt</a>.</dd> - -<dt><a id="SSL2" name="SSL2">[SSL2]</a></dt> -<dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a href="http://www.netscape.com/eng/security/SSL_2.html">http://www.netscape.com/eng/security/SSL_2.html</a>.</dd> +Voir par exemple <a href="http://tools.ietf.org/html/rfc2045">http://tools.ietf.org/html/rfc2045</a>.</dd> <dt><a id="SSL3" name="SSL3">[SSL3]</a></dt> <dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol @@ -695,13 +688,42 @@ Version 3.0</q>, 1996. Voir <a href="http://www.netscape.com/eng/ssl3/draft302.t <dt><a id="TLS1" name="TLS1">[TLS1]</a></dt> <dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>, 1999. Voir <a href="http://ietf.org/rfc/rfc2246.txt">http://ietf.org/rfc/rfc2246.txt</a>.</dd> + +<dt><a id="TLS11" name="TLS11">[TLS11]</a></dt> +<dd><q>Le protocole TLS Version 1.1</q>, +2006. Voir <a href="http://tools.ietf.org/html/rfc4346">http://tools.ietf.org/html/rfc4346</a>.</dd> + +<dt><a id="TLS12" name="TLS12">[TLS12]</a></dt> +<dd><q>Le protocole TLS Version 1.2</q>, +2008. Voir <a href="http://tools.ietf.org/html/rfc5246">http://tools.ietf.org/html/rfc5246</a>.</dd> </dl> </div></div> <div class="bottomlang"> <p><span>Langues Disponibles: </span><a href="../en/ssl/ssl_intro.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../fr/ssl/ssl_intro.html" title="Français"> fr </a> | <a href="../ja/ssl/ssl_intro.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p> -</div><div id="footer"> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/ssl/ssl_intro.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> -<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file diff --git a/docs/manual/ssl/ssl_intro.html.ja.utf8 b/docs/manual/ssl/ssl_intro.html.ja.utf8 index 56da63b0..cd7ee239 100644 --- a/docs/manual/ssl/ssl_intro.html.ja.utf8 +++ b/docs/manual/ssl/ssl_intro.html.ja.utf8 @@ -8,10 +8,13 @@ <title>SSL/TLS æš—å·åŒ–: ã¯ã˜ã‚ã« - Apache HTTP サーãƒ</title> <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> -<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.js" type="text/javascript"> +</script> + <link href="../images/favicon.ico" rel="shortcut icon" /></head> <body id="manual-page"><div id="page-header"> -<p class="menu"><a href="../mod/">モジュール</a> | <a href="../mod/directives.html">ディレクティブ</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">用語</a> | <a href="../sitemap.html">サイトマップ</a></p> +<p class="menu"><a href="../mod/">モジュール</a> | <a href="../mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">用語</a> | <a href="../sitemap.html">サイトマップ</a></p> <p class="apache">Apache HTTP サームãƒãƒ¼ã‚¸ãƒ§ãƒ³ 2.4</p> <img alt="" src="../images/feather.gif" /></div> <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> @@ -63,7 +66,7 @@ Apache ドã‚ュメント翻訳プãƒã‚¸ã‚§ã‚¯ãƒˆ</a> <li><img alt="" src="../images/down.gif" /> <a href="#certificates">証明書</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#ssl">Secure Sockets Layer (SSL)</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#references">å‚考文献</a></li> -</ul></div> +</ul><ul class="seealso"><li><a href="#comments_section">コメント</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> <h2><a name="cryptographictech" id="cryptographictech">æš—å·åŒ–技術</a></h2> @@ -698,7 +701,28 @@ Version 3.0</q>, 1996. See <a href="http://www.netscape.com/eng/ssl3/draft302.tx <p><span>翻訳済ã¿è¨€èªž: </span><a href="../en/ssl/ssl_intro.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../fr/ssl/ssl_intro.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | <a href="../ja/ssl/ssl_intro.html" title="Japanese"> ja </a></p> -</div><div id="footer"> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">コメント</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/ssl/ssl_intro.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> <p class="apache">Copyright 2012 The Apache Software Foundation.<br />ã“ã®æ–‡æ›¸ã¯ <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> ã®ãƒ©ã‚¤ã‚»ãƒ³ã‚¹ã§æä¾›ã•ã‚Œã¦ã„ã¾ã™ã€‚.</p> -<p class="menu"><a href="../mod/">モジュール</a> | <a href="../mod/directives.html">ディレクティブ</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">用語</a> | <a href="../sitemap.html">サイトマップ</a></p></div> +<p class="menu"><a href="../mod/">モジュール</a> | <a href="../mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">用語</a> | <a href="../sitemap.html">サイトマップ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> </body></html>
\ No newline at end of file |