VladPolskiy/apache_httpd
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-07-23 00:50:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ee571444f5b37472ec7c66bb1e00b577c651936f
apache_httpd/LAYOUT
Jim Jagielski 507e66cc67 Merge r1526168, r1527291, r1527294, r1527295, r1527926 from trunk: 
Streamline ephemeral key handling:

- drop support for ephemeral RSA keys (only allowed/needed
  for export ciphers)

- drop pTmpKeys from the per-process SSLModConfigRec, and remove
  the temp key generation at startup (unnecessary for DHE/ECDHE)

- unconditionally disable null and export-grade ciphers by always
  prepending "!aNULL:!eNULL:!EXP:" to any cipher suite string

- do not configure per-connection SSL_tmp_*_callbacks, as it is
  sufficient to set them for the SSL_CTX

- set default curve for ECDHE at startup, obviating the need
  for a per-handshake callback, for the time being (and also
  configure SSL_OP_SINGLE_ECDH_USE, previously left out)

For additional background, see
https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52358ED1.2070704@velox.ch%3E


Follow-up fixes for r1526168:

- drop SSL_TMP_KEY_* constants from ssl_private.h, too

- make sure we also disable aNULL, eNULL and EXP ciphers
  for per-directory SSLCipherSuite directives

- apply the same treatment to SSLProxyCipherSuite


Increase minimum required OpenSSL version to 0.9.8a (in preparation
for the next mod_ssl commit, which will rely on the get_rfcX_prime_Y
functions added in that release):

- remove obsolete #defines / macros

- in ssl_private.h, regroup definitions based on whether
  they depend on TLS extension support or not

- for ECC and SRP support, set HAVE_X and change the rather awkward
  #ifndef OPENSSL_NO_X lines accordingly

For the discussion prior to taking this step, see
https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C524275C7.9060408%40velox.ch%3E


Improve ephemeral key handling (companion to r1526168):

- allow to configure custom DHE or ECDHE parameters via the
  SSLCertificateFile directive, and adapt its documentation
  accordingly (addresses PR 49559)

- add standardized DH parameters from RFCs 2409 and 3526,
  use them based on the length of the certificate's RSA/DSA key,
  and add a FAQ entry for clients which limit DH support
  to 1024 bits (such as Java 7 and earlier)

- move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to
  ssl_util_ssl.c, and add ssl_ec_GetParamFromFile()

- drop ssl_engine_dh.c from mod_ssl

For the standardized DH parameters, OpenSSL version 0.9.8a
or later is required, which was therefore made a new minimum
requirement in r1527294.


PR 55616 (add missing APLOGNO), part 2
Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1542327 13f79535-47bb-0310-9956-ffa450edef68
2013-11-15 17:06:18 +00:00

174 lines
4.0 KiB
Plaintext
Raw Blame History

The httpd-2.1 Source Tree LAYOUT
--------------------------------
./ .................... Top-Level httpd-2.1 Root Directory
ABOUT_APACHE .......... Overview of the Apache HTTP Server
LAYOUT ................ This file describing the source tree
README ................ Overview of this distribution
STATUS ................ Current project activity and commentary
build/ ................ Supporting tools for buildconf/configure
win32/ ................ Supporting tools for Win32 MSVC builds
docs/ ................. Documentation and Examples
cgi-examples/ .........
conf/ .................
docroot/ ..............
error/ ................
include/ ..............
icons/ ................
small/ ................
man/ ..................
manual/ ...............
developer/ ............
faq/ ..................
howto/ ................
images/ ...............
misc/ .................
mod/ ..................
platform/ .............
programs/ .............
search/ ...............
ssl/ ..................
style/ ................
vhosts/ ...............
include/ ................
modules/ ................ Manditory and Add-In Apache stock modules
aaa/ ....................
arch/ ...................
netware/ ................
win32/ ..................
cache/ ..................
dav/ ....................
fs/ .....................
main/ ...................
echo/ ...................
experimental/ ...........
filters/ ................
generators/ .............
http/ ................... HTTP: protocol module
loggers/ ................
mappers/ ................
metadata/ ...............
pop3/ ...................
private/ ................
proxy/ ..................
ssl/ .................... HTTPS: SSL v2/v3 and TLS v1 protocol module
README .................. Overview of mod_ssl
README.dsov.fig ......... Overview diagram of mod_ssl design
README.dsov.ps .......... Overview diagram of mod_ssl design
Makefile.in ............. Makefile template for Unix platform
config.m4 ............... Autoconf stub for the Apache config mechanism
mod_ssl.c ............... main source file containing API structures
mod_ssl.h ............... common header file of mod_ssl
ssl_engine_config.c ..... module configuration handling
ssl_engine_init.c ....... module initialization
ssl_engine_io.c ......... I/O support
ssl_engine_kernel.c ..... SSL engine kernel
ssl_engine_log.c ........ logfile support
ssl_engine_mutex.c ...... mutual exclusion support
ssl_engine_pphrase.c .... pass-phrase handling
ssl_engine_rand.c ....... PRNG support
ssl_engine_vars.c ....... Variable Expansion support
ssl_scache.c ............ session cache abstraction layer
ssl_util.c .............. utility functions
ssl_util_ssl.c .......... the OpenSSL companion source
ssl_util_ssl.h .......... the OpenSSL companion header
test/ ................... not distributed with released source tarballs
os/ .....................
bs2000/ .................
netware/ ................
os2/ ....................
unix/ ...................
win32/ ..................
server/ .................
mpm/ ....................
event/ ..................
mpmt_os2/ ...............
netware/ ................
prefork/ ................
winnt/ ..................
worker/ .................
srclib/ ................... Additional Libraries
apr/ ...................... SEE srclib/apr/LAYOUT
apr-util/ ................. SEE srclib/apr/LAYOUT
pcre/ .....................
doc/ ......................
testdata/ .................
support/ ................ Sources for Support Binaries
SHA1/ .................. Ancient SHA1 password conversion utilities
win32/ ................. Win32-only Support Applications
test/ ................... not distributed with released source tarballs
Reference in New Issue View Git Blame Copy Permalink