Apache模块mod_ssl
描述: | 使用安全套接字层(SSL)和传输层安全性(TLS)协议的强大加密技术 |
---|---|
状态: | 延期 |
模块标识符: | ssl_module |
源文件: | mod_ssl.c |
概要
此模块为Apache HTTP Server提供SSL v3和TLS v1.x支持。SSL v2不再受支持。
这个模块依靠OpenSSL 来提供密码引擎。
SSL文档中提供了更多细节,讨论和示例 。
主题
- 环境变量
- 自定义日志格式
- 请求注释
- 表达式解析器扩展
- 授权提供程序与Require一起使用
指令
- SSLCACertificateFile
- SSLCACertificatePath
- SSLCADNRequestFile
- SSLCADNRequestPath
- SSLCARevocationCheck
- SSLCARevocationFile
- SSLCARevocationPath
- SSLCertificateChainFile
- 了SSLCertificateFile
- 了SSLCertificateKeyFile
- 的SSLCipherSuite
- SSLCompression
- SSLCryptoDevice
- 的SSLEngine
- SSLFIPS
- SSLHonorCipherOrder
- SSLInsecureRenegotiation
- SSLOCSPDefaultResponder
- SSLOCSPEnable
- SSLOCSPNoverify
- SSLOCSPOverrideResponder
- SSLOCSPProxyURL
- SSLOCSPResponderCertificateFile
- SSLOCSPResponderTimeout
- SSLOCSPResponseMaxAge
- SSLOCSPResponseTimeSkew
- SSLOCSPUseRequestNonce
- SSLOpenSSLConfCmd
- SSLOptions
- SSLPassPhraseDialog
- SSLProtocol
- SSLProxyCACertificateFile
- SSLProxyCACertificatePath
- SSLProxyCARevocationCheck
- SSLProxyCARevocationFile
- SSLProxyCARevocationPath
- SSLProxyCheckPeerCN
- SSLProxyCheckPeerExpire
- SSLProxyCheckPeerName
- SSLProxyCipherSuite
- SSLProxyEngine
- SSLProxyMachineCertificateChainFile
- SSLProxyMachineCertificateFile
- SSLProxyMachineCertificatePath
- SSLProxyProtocol
- SSLProxyVerify
- SSLProxyVerifyDepth
- SSLRandomSeed
- SSLRenegBufferSize
- SSLRequire
- SSLRequireSSL
- SSLSessionCache
- SSLSessionCacheTimeout
- SSLSessionTicketKeyFile
- SSLSessionTickets
- SSLSRPUnknownUserSeed
- SSLSRPVerifierFile
- SSLStaplingCache
- SSLStaplingErrorCacheTimeout
- SSLStaplingFakeTryLater
- SSLStaplingForceURL
- SSLStaplingResponderTimeout
- SSLStaplingResponseMaxAge
- SSLStaplingResponseTimeSkew
- SSLStaplingReturnResponderErrors
- SSLStaplingStandardCacheTimeout
- SSLStrictSNIVHostCheck
- SSLUserName
- SSLUseStapling
- SSLVerifyClient
- SSLVerifyDepth
Bugfix清单
- httpd更新日志
- 已知的问题
- 报告一个错误
也可以看看
- 注释
环境变量
可以将此模块配置为向SSI和CGI命名空间提供多项SSL信息作为附加环境变量。由于性能原因,此信息不是默认提供的。(请参阅 SSLOptions
下面的StdEnvVars。)生成的变量在下表中列出。为了向后兼容,信息也可以以不同的名字提供。有关兼容性变量的详细信息,请参阅兼容性一章。
变量名: | 值类型: | 描述: |
---|---|---|
HTTPS |
旗 | 正在使用HTTPS。 |
SSL_PROTOCOL |
串 | SSL协议版本(SSLv3,TLSv1,TLSv1.1,TLSv1.2) |
SSL_SESSION_ID |
串 | 十六进制编码的SSL会话ID |
SSL_SESSION_RESUMED |
串 | 初始或恢复SSL会话。注意:如果正在使用HTTP KeepAlive,则可能会在相同(初始或已恢复)的SSL会话上提供多个请求 |
SSL_SECURE_RENEG |
串 | true 如果支持安全的重新协商,其他 false |
SSL_CIPHER |
串 | 密码规范名称 |
SSL_CIPHER_EXPORT |
串 | true 如果密码是出口密码 |
SSL_CIPHER_USEKEYSIZE |
数 | 密码位数(实际使用) |
SSL_CIPHER_ALGKEYSIZE |
数 | 密码位数(可能) |
SSL_COMPRESS_METHOD |
串 | SSL压缩方法协商 |
SSL_VERSION_INTERFACE |
串 | mod_ssl程序版本 |
SSL_VERSION_LIBRARY |
串 | OpenSSL程序版本 |
SSL_CLIENT_M_VERSION |
串 | 客户端证书的版本 |
SSL_CLIENT_M_SERIAL |
串 | 客户端证书的序列 |
SSL_CLIENT_S_DN |
串 | 在客户的证书中的主题DN |
SSL_CLIENT_S_DN_ X509 |
串 | 客户主题DN的组件 |
SSL_CLIENT_SAN_Email_ ñ |
串 | 客户证书的类型为rfc822Name的subjectAltName扩展条目 |
SSL_CLIENT_SAN_DNS_ ñ |
串 | 客户端证书的类型为dNSName的subjectAltName扩展条目 |
SSL_CLIENT_SAN_OTHER_msUPN_ ñ |
串 | 客户端证书的subjectAltName扩展条目类型otherName,Microsoft用户主体名称窗体(OID 1.3.6.1.4.1.311.20.2.3) |
SSL_CLIENT_I_DN |
串 | 客户证书的颁发者DN |
SSL_CLIENT_I_DN_ X509 |
串 | 客户发行人DN的组件 |
SSL_CLIENT_V_START |
串 | 客户证书的有效期(开始时间) |
SSL_CLIENT_V_END |
串 | 客户证书的有效期(结束时间) |
SSL_CLIENT_V_REMAIN |
串 | 客户证书到期的天数 |
SSL_CLIENT_A_SIG |
串 | 用于签名客户证书的算法 |
SSL_CLIENT_A_KEY |
串 | 用于客户端证书的公钥的算法 |
SSL_CLIENT_CERT |
串 | PEM编码的客户端证书 |
SSL_CLIENT_CERT_CHAIN_ ñ |
串 | 客户端证书链中的PEM编码的证书 |
SSL_CLIENT_CERT_RFC4523_CEA |
串 | 证书的序列号和颁发者。格式与RFC4523中CertificateExactAssertion的格式相匹配 |
SSL_CLIENT_VERIFY |
串 | NONE ,SUCCESS ,GENEROUS 或FAILED: 原因 |
SSL_SERVER_M_VERSION |
串 | 服务器证书的版本 |
SSL_SERVER_M_SERIAL |
串 | 服务器证书的序列号 |
SSL_SERVER_S_DN |
串 | 服务器证书中的主题DN |
SSL_SERVER_SAN_Email_ ñ |
串 | 服务器证书的类型为rfc822Name的subjectAltName扩展条目 |
SSL_SERVER_SAN_DNS_ ñ |
串 | 服务器证书的类型为dNSName的subjectAltName扩展条目 |
SSL_SERVER_SAN_OTHER_dnsSRV_ ñ |
串 | 服务器证书的subjectAltName扩展条目类型otherName,SRVName形式(OID 1.3.6.1.5.5.7.8.7,RFC 4985) |
SSL_SERVER_S_DN_ X509 |
串 | 服务器主题DN的组件 |
SSL_SERVER_I_DN |
串 | 服务器证书的颁发者DN |
SSL_SERVER_I_DN_ X509 |
串 | 服务器发行者DN的组件 |
SSL_SERVER_V_START |
串 | 服务器证书的有效期(开始时间) |
SSL_SERVER_V_END |
串 | 服务器证书的有效期(结束时间) |
SSL_SERVER_A_SIG |
串 | 用于签名服务器证书的算法 |
SSL_SERVER_A_KEY |
串 | 用于服务器证书的公钥的算法 |
SSL_SERVER_CERT |
串 | PEM编码的服务器证书 |
SSL_SRP_USER |
串 | SRP用户名 |
SSL_SRP_USERINFO |
串 | SRP用户信息 |
SSL_TLS_SNI |
串 | SNI TLS扩展的内容(如果随ClientHello提供) |
x509指定X.509 DN的组件; 其中之一 C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email
。在Apache 2.1及更高版本中,x509还可能包含数字_n
后缀。如果所讨论的DN包含多个具有相同名称的属性,则将该后缀用作从零开始的索引来选择特定属性。例如,服务器证书主题DN包含两个OU属性,SSL_SERVER_S_DN_OU_0
并可 SSL_SERVER_S_DN_OU_1
用于引用每个属性。没有_n
后缀的变量名相当于带有_0
后缀的名字; 第一个(或唯一的)属性。当使用指令StdEnvVars
选项填充环境表时SSLOptions
,任何DN的第一个(或唯一)属性仅在非后缀名称下添加; 即没有_0
添加后缀条目。
Apache HTTPD 2.3.11中* _DN变量的格式已经改变。有关详细信息,请参阅LegacyDNStringFormat
选项 SSLOptions
。
SSL_CLIENT_V_REMAIN
仅在版本2.1和更高版本中可用。
还可以在SSLRequire
表达式或自定义日志格式中使用许多其他环境变量:
HTTP_USER_AGENT PATH_INFO AUTH_TYPE HTTP_REFERER QUERY_STRING SERVER_SOFTWARE HTTP_COOKIE REMOTE_HOST API_VERSION HTTP_FORWARDED REMOTE_IDENT TIME_YEAR HTTP_HOST IS_SUBREQ TIME_MON HTTP_PROXY_CONNECTION DOCUMENT_ROOT TIME_DAY HTTP_ACCEPT SERVER_ADMIN TIME_HOUR THE_REQUEST SERVER_NAME TIME_MIN REQUEST_FILENAME SERVER_PORT TIME_SEC REQUEST_METHOD SERVER_PROTOCOL TIME_WDAY REQUEST_SCHEME REMOTE_ADDR TIME REQUEST_URI REMOTE_USER
在这些情况下,还可以使用两种特殊格式:
ENV:variablename
- 这将扩展到标准环境变量variablename。
HTTP:headername
- 这将扩展到名称为headername的请求头的值 。
自定义日志格式
当mod_ssl
内置到Apache或至少被加载时(在DSO情况下),自定义日志格式中 存在附加功能mod_log_config
。首先有一个额外的`` %{
varname的}x
'扩展格式的功能,它可以用来扩展任何模块,特别是那些由可你在上表中找到了mod_ssl提供所提供的任何变量。
为了向后兼容,还提供了特殊的“ %{
名称}c
”加密格式功能。有关此功能的信息在“ 兼容性”一章中提供。
例
这些格式甚至可以在不设置 指令StdEnvVars
选项的情况下工作SSLOptions
。
请求注释
mod_ssl
设置可用于记录格式字符串的请求的“注释” 。%{name}n
mod_log_config
支持的说明如下:
ssl-access-forbidden
1
如果由于SSLRequire
orSSLRequireSSL
指令而导致访问被拒绝,则此注释设置为值。ssl-secure-reneg
- 如果
mod_ssl
是针对支持安全重新协商扩展的OpenSSL版本构建的,则将该备注设置1
为当前连接使用SSL时的值,并且客户端也支持安全重新协商扩展。如果客户端不支持安全重新协商扩展,则将该备注设置为该值0
。如果mod_ssl
不是针对支持安全重新协商的OpenSSL版本构建的,或者如果当前连接没有使用SSL,则说明未设置。
表达式解析器扩展
当mod_ssl
内置到Apache或至少加载(在DSO情况下)时 ,可以在ap_expr表达式解析器的表达式中使用提供的任何变量。变量可以使用`` varname '' 语法来引用。从版本2.4.18开始,还可以使用 样式语法“ varname ”或函数样式语法“ varname ”。mod_ssl
%{
}
mod_rewrite
%{SSL:
}
ssl(
)
示例(使用mod_headers
)
该功能甚至可以在不设置 指令StdEnvVars
选项的情况下工作SSLOptions
。
授权提供程序与Require一起使用
mod_ssl
提供与使用的几个认证供应商mod_authz_core
的 Require
指令。
要求ssl
该ssl
供应商拒绝访问,如果一个连接没有使用SSL加密。这与SSLRequireSSL
指令类似 。
要求ssl-verify-client
该ssl
供应商允许访问,如果用户与有效客户证书进行认证。这只有SSLVerifyClient optional
在有效时才有用。
如果用户使用客户端证书或用户名和密码进行身份验证,则以下示例将授予访问权限。
SSLCACertificateFile 指令
描述: | 用于客户端身份验证的级联PEM编码CA证书文件 |
---|---|
句法: | SSLCACertificateFile file-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
该指令设置了一体式文件,您可以在其中组装与您处理的客户的证书颁发机构(CA)证书。这些用于客户端身份验证。这样的文件就是各种PEM编码证书文件的串联,按照优先顺序。这可以替代地和/或另外地使用 SSLCACertificatePath
。
例
SSLCACertificatePath 指令
描述: | 用于客户端身份验证的PEM编码的CA证书目录 |
---|---|
句法: | SSLCACertificatePath directory-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
该指令设置您保存与您处理的客户的证书颁发机构(CA)证书的目录。这些用于验证客户端身份验证上的客户端证书。
这个目录中的文件必须是PEM编码的,并通过哈希文件名来访问。所以通常你不能把证书文件放在那里:你还必须创建名为散列值的符号链接 .N
。你应该确保这个目录包含适当的符号链接。
例
SSLCADNRequestFile 指令
描述: | 连接的PEM编码CA证书的文件,用于定义可接受的CA名称 |
---|---|
句法: | SSLCADNRequestFile file-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
当mod_ssl请求客户端证书时,在SSL握手中将可接受的证书授权者名称列表 发送到客户端。客户端可以使用这些CA名称从可用的客户端证书中选择适当的客户端证书。
若既没有指令SSLCADNRequestPath
或SSLCADNRequestFile
给出,那么该组发送到客户端上可接受的CA的名称是由给定的所有的CA证书的名称SSLCACertificateFile
和SSLCACertificatePath
指示; 换句话说,实际上将用于验证客户端证书的CA的名称。
在某些情况下,能够发送一组可接受的CA名称是有用的,这些名称与用于验证客户端证书的实际CA不同,例如,客户端证书是否由中间CA签名。在这种情况下,SSLCADNRequestPath
和/或SSLCADNRequestFile
可以使用; 那么可接受的CA名称将从这对指令所指定的目录和/或文件中的全套证书中取得。
SSLCADNRequestFile
必须指定一个包含PEM编码CA证书串联的一体化文件。
例
SSLCADNRequestPath 指令
描述: | 用于定义可接受的CA名称的PEM编码的CA证书目录 |
---|---|
句法: | SSLCADNRequestPath directory-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
此可选指令可用于指定在请求客户端证书时将发送给客户端的可接受的CA名称集合 。请参阅SSLCADNRequestFile
指令了解更多详情。
这个目录中的文件必须是PEM编码的,并通过哈希文件名来访问。所以通常你不能把证书文件放在那里:你还必须创建名为散列值的符号链接 .N
。你应该确保这个目录包含适当的符号链接。
例
SSLCARvocationCheck 指令
描述: | 启用基于CRL的撤销检查 |
---|---|
句法: | SSLCARevocationCheck chain|leaf|none flags |
默认: | SSLCARevocationCheck none |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | httpd 2.4.21或更高版本中提供了可选标志 |
启用证书撤销列表(CRL)检查。至少有一个 SSLCARevocationFile
或SSLCARevocationPath
必须配置。设置为chain
(推荐设置)时,将CRL检查应用于链中的所有证书,同时将其设置为 leaf
将检查限制为最终实体证书。
可用的标志是:
no_crl_for_cert_ok
在版本2.3.15之前,如果在配置了
SSLCARevocationFile
or的任何位置中找不到检查证书的CRL,则mod_ssl中的CRL检查也会成功SSLCARevocationPath
。通过引入
SSLCARevocationFile
,行为已经被改变:默认情况下使用chain
orleaf
,CRL 必须存在才能使验证成功 - 否则将失败并出现"unable to get certificate CRL"
错误。该标志
no_crl_for_cert_ok
允许恢复以前的行为。
例
与版本2.2兼容
SSLCARevocationFile 指令
描述: | 客户端身份验证的级联PEM编码的CA CRL的文件 |
---|---|
句法: | SSLCARevocationFile file-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
该指令设置一体式文件,您可以在其中组装证书吊销列表(CRL)的证书颁发机构(CA),您的客户与您打交道。这些用于客户端身份验证。这样的文件就是各种PEM编码的CRL文件的串联,按照优先顺序。这可以替代地和/或另外地使用SSLCARevocationPath
。
例
SSLCARevocationPath 指令
描述: | 用于客户端身份验证的PEM编码CA CRL目录 |
---|---|
句法: | SSLCARevocationPath directory-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
此指令设置您保存其所处理客户的证书颁发机构(CA)的证书吊销列表(CRL)的目录。这些用于在客户端身份验证上撤销客户端证书。
这个目录中的文件必须是PEM编码的,并通过哈希文件名来访问。所以通常你不仅要把CRL文件放在那里。另外,您必须创建名为哈希值的符号链接 .rN
。你应该确保这个目录包含适当的符号链接。
例
SSLCertificateChainFile 指令
描述: | PEM编码的服务器CA证书文件 |
---|---|
句法: | SSLCertificateChainFile file-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
SSLCertificateChainFile已被弃用
SSLCertificateChainFile
在版本2.4.8中SSLCertificateFile
被扩展为从服务器证书文件中加载中间CA证书。
该指令设置可选的一体化文件,您可以在其中组装证书作为服务器证书的证书链的证书颁发机构(CA)的证书。这从服务器证书颁发的CA证书开始,可以扩展到根CA证书。这样的文件就是各种PEM编码的CA证书文件的串联,通常以证书链顺序。
除了SSLCACertificatePath
服务器证书之外,这应该替代地和/或另外用于显式地构建发送到浏览器的服务器证书链。使用客户端身份验证时,避免与CA证书发生冲突尤其有用。因为虽然放置服务器证书链的CA证书SSLCACertificatePath
对于证书链的构造具有相同的效果,但是也有客户端认证接受同一CA证书颁发的客户端证书的副作用。
但要小心:只有在使用单个基于RSA 或 DSA的服务器证书时,才能提供证书链 。如果您使用的是耦合的RSA + DSA证书对,则仅当实际上两个证书使用相同的证书链时才能使用。否则浏览器会在这种情况下感到困惑。
例
SSLCertificateFile 指令
描述: | 服务器PEM编码的X.509证书数据文件 |
---|---|
句法: | SSLCertificateFile file-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
该指令指向一个带有PEM格式证书数据的文件。文件至少必须包含一个最终实体(叶)证书。该指令可以多次使用(引用不同的文件名)以支持多种服务器认证算法 - 通常是RSA,DSA和ECC。支持的算法数量取决于用于mod_ssl的OpenSSL版本:版本1.0.0或更高版本 openssl list-public-key-algorithms
将输出支持的算法列表,另请参阅以下关于1.0.2之前的OpenSSL版本限制的注释以及在他们周围工作。
这些文件还可能包含从叶子到根目录的中间CA证书。版本2.4.8及更高版本支持此功能,并已废弃SSLCertificateChainFile
。在使用OpenSSL 1.0.2或更高版本运行时,这允许以每个证书为基础配置中间CA链。
自定义DH参数和临时密钥的EC曲线名称也可以添加到使用的第一个文件的末尾 SSLCertificateFile
。这在版本2.4.7或更高版本中受支持。这样的参数可以使用命令来生成 openssl dhparam
和openssl ecparam
。参数可以按原样添加到第一个证书文件的末尾。只有第一个文件可以用于自定义参数,因为它们与认证算法类型无关地被应用。
最后,最终实体证书的私钥也可以添加到证书文件中,而不是使用单独的 SSLCertificateKeyFile
指令。这种做法是非常沮丧的。如果使用该密钥,则使用这种嵌入密钥的证书文件必须在证书之后使用单独的密钥文件进行配置。如果私钥已加密,则在启动时会强制执行密码对话框。
DH参数与质数> 1024位的互操作性
从版本2.4.7开始,mod_ssl使用主要长度为2048,3072和4096位的标准化DH参数,以及从版本2.4.10(RFC 3526)开始的附加主体长度6144和8192位,并将它们发送出去到客户端的证书的RSA / DSA密钥的长度。特别是基于Java的客户端(Java 7或更早版本),这可能会导致握手失败 - 请参阅此 常见问题解答以解决此类问题。
使用多个证书和1.0.2之前的OpenSSL版本时的默认DH参数
当使用多个证书来支持不同的认证算法(如RSA,DSA,但主要是ECC)和1.0.2之前的OpenSSL时,建议使用自定义的DH参数(最好是将它们添加到第一个证书文件中)上面),或者命令这些 SSLCertificateFile
指令使得RSA / DSA证书放在ECC 之后。
这是由于旧版本的OpenSSL中的一个限制,它不允许Apache HTTP服务器在握手时间(当DH参数必须发送给对等体时)确定当前选定的证书,而是始终提供最后配置的证书。因此,服务器可以基于错误证书密钥的长度(ECC密钥远小于RSA / DSA密钥,并且它们的长度与DH素数的选择无关)来选择默认的DH参数。
由于自定义的DH参数总是优先于默认参数,因此可以通过创建和配置它们(如上所述)来避免此问题,因此使用自定义/合适的长度。
例
SSLCertificateKeyFile 指令
描述: | 服务器PEM编码的私钥文件 |
---|---|
句法: | SSLCertificateKeyFile file-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
该指令指向服务器的PEM编码私钥文件。如果包含的私钥被加密,则在启动时强制密码对话框被强制。
该指令可以多次使用(引用不同的文件名)以支持多种算法进行服务器认证。对于每个 SSLCertificateKeyFile
指令,必须有一个匹配的SSLCertificateFile
指令。
私钥也可以与文件中给出的证书结合使用 SSLCertificateFile
,但是这种做法是非常沮丧的。如果使用该密钥,则使用这种嵌入密钥的证书文件必须在证书之后使用单独的密钥文件进行配置。
例
SSLCipherSuite 指令
描述: | 密码套件可用于SSL握手协商 |
---|---|
句法: | SSLCipherSuite cipher-spec |
默认: | SSLCipherSuite DEFAULT (depends on OpenSSL version) |
语境: | 服务器配置,虚拟主机,目录,.htaccess |
覆盖: | AuthConfig |
状态: | 延期 |
模块: | 了mod_ssl |
This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.
An SSL cipher specification in cipher-spec is composed of 4 major attributes plus a few extra minor ones:
- Key Exchange Algorithm:
RSA, Diffie-Hellman, Elliptic Curve Diffie-Hellman, Secure Remote Password - Authentication Algorithm:
RSA, Diffie-Hellman, DSS, ECDSA, or none. - Cipher/Encryption Algorithm:
AES, DES, Triple-DES, RC4, RC2, IDEA, etc. - MAC Digest Algorithm:
MD5, SHA or SHA1, SHA256, SHA384.
An SSL cipher can also be an export cipher. SSLv2 ciphers are no longer supported. To specify which ciphers to use, one can either specify all the Ciphers, one at a time, or use aliases to specify the preference and order for the ciphers (see Table 1). The actually available ciphers and aliases depends on the used openssl version. Newer openssl versions may include additional ciphers.
Tag | Description |
---|---|
Key Exchange Algorithm: | |
kRSA |
RSA key exchange |
kDHr |
Diffie-Hellman key exchange with RSA key |
kDHd |
Diffie-Hellman key exchange with DSA key |
kEDH |
Ephemeral (temp.key) Diffie-Hellman key exchange (no cert) |
kSRP |
Secure Remote Password (SRP) key exchange |
Authentication Algorithm: | |
aNULL |
No authentication |
aRSA |
RSA authentication |
aDSS |
DSS authentication |
aDH |
Diffie-Hellman authentication |
Cipher Encoding Algorithm: | |
eNULL |
No encryption |
NULL |
alias for eNULL |
AES |
AES encryption |
DES |
DES encryption |
3DES |
Triple-DES encryption |
RC4 |
RC4 encryption |
RC2 |
RC2 encryption |
IDEA |
IDEA encryption |
MAC Digest Algorithm: | |
MD5 |
MD5 hash function |
SHA1 |
SHA1 hash function |
SHA |
alias for SHA1 |
SHA256 |
SHA256 hash function |
SHA384 |
SHA384 hash function |
Aliases: | |
SSLv3 |
all SSL version 3.0 ciphers |
TLSv1 |
all TLS version 1.0 ciphers |
EXP |
all export ciphers |
EXPORT40 |
all 40-bit export ciphers only |
EXPORT56 |
all 56-bit export ciphers only |
LOW |
all low strength ciphers (no export, single DES) |
MEDIUM |
all ciphers with 128 bit encryption |
HIGH |
all ciphers using Triple-DES |
RSA |
all ciphers using RSA key exchange |
DH |
all ciphers using Diffie-Hellman key exchange |
EDH |
all ciphers using Ephemeral Diffie-Hellman key exchange |
ECDH |
Elliptic Curve Diffie-Hellman key exchange |
ADH |
all ciphers using Anonymous Diffie-Hellman key exchange |
AECDH |
all ciphers using Anonymous Elliptic Curve Diffie-Hellman key exchange |
SRP |
all ciphers using Secure Remote Password (SRP) key exchange |
DSS |
all ciphers using DSS authentication |
ECDSA |
all ciphers using ECDSA authentication |
aNULL |
all ciphers using no authentication |
Now where this becomes interesting is that these can be put together to specify the order and ciphers you wish to use. To speed this up there are also aliases (SSLv3, TLSv1, EXP, LOW, MEDIUM, HIGH
) for certain groups of ciphers. These tags can be joined together with prefixes to form the cipher-spec. Available prefixes are:
- none: add cipher to list
+
: move matching ciphers to the current location in list-
: remove cipher from list (can be added later again)!
: kill cipher from list completely (can not be added later again)
aNULL
, eNULL
and EXP
ciphers are always disabled
Beginning with version 2.4.7, null and export-grade ciphers are always disabled, as mod_ssl unconditionally adds !aNULL:!eNULL:!EXP
to any cipher string at initialization.
A simpler way to look at all of this is to use the ``openssl ciphers -v
'' command which provides a nice way to successively create the correct cipher-spec string. The default cipher-spec string depends on the version of the OpenSSL libraries used. Let's suppose it is ``RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
'' which means the following: Put RC4-SHA
and AES128-SHA
at the beginning. We do this, because these ciphers offer a good compromise between speed and security. Next, include high and medium security ciphers. Finally, remove all ciphers which do not authenticate, i.e. for SSL the Anonymous Diffie-Hellman ciphers, as well as all ciphers which use MD5
as hash algorithm, because it has been proven insufficient.
$ openssl ciphers -v 'RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5' RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 ... ... ... ... ... SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1 PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1 KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
The complete list of particular RSA & DH ciphers for SSL is given in Table 2.
Example
Cipher-Tag | Protocol | Key Ex. | Auth. | Enc. | MAC | Type |
---|---|---|---|---|---|---|
RSA密码: | ||||||
DES-CBC3-SHA |
在SSLv3 | RSA | RSA | 3DES(168) | SHA1 | |
IDEA-CBC-SHA |
在SSLv3 | RSA | RSA | IDEA(128) | SHA1 | |
RC4-SHA |
在SSLv3 | RSA | RSA | RC4(128) | SHA1 | |
RC4-MD5 |
在SSLv3 | RSA | RSA | RC4(128) | MD5 | |
DES-CBC-SHA |
在SSLv3 | RSA | RSA | DES(56) | SHA1 | |
EXP-DES-CBC-SHA |
在SSLv3 | RSA(512) | RSA | DES(40) | SHA1 | 出口 |
EXP-RC2-CBC-MD5 |
在SSLv3 | RSA(512) | RSA | RC2(40) | MD5 | 出口 |
EXP-RC4-MD5 |
在SSLv3 | RSA(512) | RSA | RC4(40) | MD5 | 出口 |
NULL-SHA |
在SSLv3 | RSA | RSA | 没有 | SHA1 | |
NULL-MD5 |
在SSLv3 | RSA | RSA | 没有 | MD5 | |
Diffie-Hellman密码: | ||||||
ADH-DES-CBC3-SHA |
在SSLv3 | DH | 没有 | 3DES(168) | SHA1 | |
ADH-DES-CBC-SHA |
在SSLv3 | DH | 没有 | DES(56) | SHA1 | |
ADH-RC4-MD5 |
在SSLv3 | DH | 没有 | RC4(128) | MD5 | |
EDH-RSA-DES-CBC3-SHA |
在SSLv3 | DH | RSA | 3DES(168) | SHA1 | |
EDH-DSS-DES-CBC3-SHA |
在SSLv3 | DH | DSS | 3DES(168) | SHA1 | |
EDH-RSA-DES-CBC-SHA |
在SSLv3 | DH | RSA | DES(56) | SHA1 | |
EDH-DSS-DES-CBC-SHA |
在SSLv3 | DH | DSS | DES(56) | SHA1 | |
EXP-EDH-RSA-DES-CBC-SHA |
在SSLv3 | DH(512) | RSA | DES(40) | SHA1 | 出口 |
EXP-EDH-DSS-DES-CBC-SHA |
在SSLv3 | DH(512) | DSS | DES(40) | SHA1 | 出口 |
EXP-ADH-DES-CBC-SHA |
在SSLv3 | DH(512) | 没有 | DES(40) | SHA1 | 出口 |
EXP-ADH-RC4-MD5 |
在SSLv3 | DH(512) | 没有 | RC4(40) | MD5 | 出口 |
SSLCompression 指令
描述: | 在SSL级别启用压缩 |
---|---|
句法: | SSLCompression on|off |
默认: | SSLCompression off |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 在httpd 2.4.3及更高版本中可用,如果使用OpenSSL 0.9.8或更高版本; 如果使用OpenSSL 1.0.0或更高版本,则可以使用虚拟主机作用域。默认情况下是on 2.4.3版本。 |
该指令允许在SSL级别启用压缩。
启用压缩会导致大多数安装问题(所谓的CRIME攻击)。
SSLCryptoDevice 指令
描述: | 启用加密硬件加速器 |
---|---|
句法: | SSLCryptoDevice engine |
默认: | SSLCryptoDevice builtin |
语境: | 服务器配置 |
状态: | 延期 |
模块: | 了mod_ssl |
该指令允许使用加密硬件加速器板来卸载一些SSL处理开销。这个指令只有在SSL工具箱是用“引擎”支持构建时才能使用; OpenSSL 0.9.7和更高版本默认具有“引擎”支持,必须使用OpenSSL 0.9.6的单独版本“-engine”。
要发现支持哪些引擎名称,请运行命令“ openssl engine
”。
例
SSLEngine 指令
描述: | SSL引擎操作开关 |
---|---|
句法: | SSLEngine on|off|optional |
默认: | SSLEngine off |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
该指令切换SSL / TLS协议引擎的使用。这应该在一<VirtualHost>
节中使用,以启用该虚拟主机的SSL / TLS。默认情况下,主服务器和所有配置的虚拟主机均禁用SSL / TLS协议引擎。
例
在Apache 2.1及更高版本中,SSLEngine
可以设置为 optional
。这使得支持 RFC 2817,在HTTP / 1.1中升级到TLS。目前没有网页浏览器支持RFC 2817。
SSLFIPS 指令
描述: | SSL FIPS模式切换 |
---|---|
句法: | SSLFIPS on|off |
默认: | SSLFIPS off |
语境: | 服务器配置 |
状态: | 延期 |
模块: | 了mod_ssl |
This directive toggles the usage of the SSL library FIPS_mode flag. It must be set in the global server context and cannot be configured with conflicting settings (SSLFIPS on followed by SSLFIPS off or similar). The mode applies to all SSL library operations.
If httpd was compiled against an SSL library which did not support the FIPS_mode flag, SSLFIPS on
will fail. Refer to the FIPS 140-2 Security Policy document of the SSL provider library for specific requirements to use mod_ssl in a FIPS 140-2 approved mode of operation; note that mod_ssl itself is not validated, but may be described as using FIPS 140-2 validated cryptographic module, when all components are assembled and operated under the guidelines imposed by the applicable Security Policy.
SSLHonorCipherOrder Directive
Description: | Option to prefer the server's cipher preference order |
---|---|
Syntax: | SSLHonorCipherOrder on|off |
Default: | SSLHonorCipherOrder off |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the client's preference is used. If this directive is enabled, the server's preference will be used instead.
Example
SSLInsecureRenegotiation Directive
Description: | Option to enable support for insecure renegotiation |
---|---|
Syntax: | SSLInsecureRenegotiation on|off |
Default: | SSLInsecureRenegotiation off |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
Compatibility: | Available in httpd 2.2.15 and later, if using OpenSSL 0.9.8m or later |
As originally specified, all versions of the SSL and TLS protocols (up to and including TLS/1.2) were vulnerable to a Man-in-the-Middle attack (CVE-2009-3555) during a renegotiation. This vulnerability allowed an attacker to "prefix" a chosen plaintext to the HTTP request as seen by the web server. A protocol extension was developed which fixed this vulnerability if supported by both client and server.
If mod_ssl
is linked against OpenSSL version 0.9.8m or later, by default renegotiation is only supported with clients supporting the new protocol extension. If this directive is enabled, renegotiation will be allowed with old (unpatched) clients, albeit insecurely.
Security warning
If this directive is enabled, SSL connections will be vulnerable to the Man-in-the-Middle prefix attack as described in CVE-2009-3555.
Example
The SSL_SECURE_RENEG
environment variable can be used from an SSI or CGI script to determine whether secure renegotiation is supported for a given SSL connection.
SSLOCSPDefaultResponder Directive
Description: | Set the default responder URI for OCSP validation |
---|---|
Syntax: | SSLOCSDefaultResponder uri |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
This option sets the default OCSP responder to use. If SSLOCSPOverrideResponder
is not enabled, the URI given will be used only if no responder URI is specified in the certificate being verified.
SSLOCSPEnable Directive
Description: | Enable OCSP validation of the client certificate chain |
---|---|
Syntax: | SSLOCSPEnable on|off |
Default: | SSLOCSPEnable off |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
This option enables OCSP validation of the client certificate chain. If this option is enabled, certificates in the client's certificate chain will be validated against an OCSP responder after normal verification (including CRL checks) have taken place.
The OCSP responder used is either extracted from the certificate itself, or derived by configuration; see the SSLOCSPDefaultResponder
and SSLOCSPOverrideResponder
directives.
Example
SSLOCSPNoverify Directive
Description: | skip the OCSP responder certificates verification |
---|---|
Syntax: | SSLOCSPNoverify On/Off |
Default: | SSLOCSPNoverify Off |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
Compatibility: | Available in httpd 2.4.26 and later, if using OpenSSL 0.9.7 or later |
Skip the OCSP responder certificates verification, mostly useful when testing an OCSP server.
SSLOCSPOverrideResponder Directive
Description: | Force use of the default responder URI for OCSP validation |
---|---|
Syntax: | SSLOCSPOverrideResponder on|off |
Default: | SSLOCSPOverrideResponder off |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
This option forces the configured default OCSP responder to be used during OCSP certificate validation, regardless of whether the certificate being validated references an OCSP responder.
SSLOCSPProxyURL Directive
Description: | Proxy URL to use for OCSP requests |
---|---|
Syntax: | SSLOCSPProxyURL url |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
Compatibility: | Available in httpd 2.4.19 and later |
This option allows to set the URL of a HTTP proxy that should be used for all queries to OCSP responders.
SSLOCSPResponderCertificateFile Directive
Description: | Set of trusted PEM encoded OCSP responder certificates |
---|---|
Syntax: | SSLOCSPResponderCertificateFile file |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
Compatibility: | Available in httpd 2.4.26 and later, if using OpenSSL 0.9.7 or later |
This supplies a list of trusted OCSP responder certificates to be used during OCSP responder certificate validation. The supplied certificates are implicitly trusted without any further validation. This is typically used where the OCSP responder certificate is self signed or omitted from the OCSP response.
SSLOCSPResponderTimeout Directive
Description: | Timeout for OCSP queries |
---|---|
Syntax: | SSLOCSPResponderTimeout seconds |
Default: | SSLOCSPResponderTimeout 10 |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
This option sets the timeout for queries to OCSP responders, when SSLOCSPEnable
is turned on.
SSLOCSPResponseMaxAge Directive
Description: | Maximum allowable age for OCSP responses |
---|---|
Syntax: | SSLOCSPResponseMaxAge seconds |
Default: | SSLOCSPResponseMaxAge -1 |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
This option sets the maximum allowable age ("freshness") for OCSP responses. The default value (-1
) does not enforce a maximum age, which means that OCSP responses are considered valid as long as their nextUpdate
field is in the future.
SSLOCSPResponseTimeSkew Directive
Description: | Maximum allowable time skew for OCSP response validation |
---|---|
Syntax: | SSLOCSPResponseTimeSkew seconds |
Default: | SSLOCSPResponseTimeSkew 300 |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
This option sets the maximum allowable time skew for OCSP responses (when checking their thisUpdate
and nextUpdate
fields).
SSLOCSPUseRequestNonce Directive
Description: | Use a nonce within OCSP queries |
---|---|
Syntax: | SSLOCSPUseRequestNonce on|off |
Default: | SSLOCSPUseRequestNonce on |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
Compatibility: | Available in httpd 2.4.10 and later |
This option determines whether queries to OCSP responders should contain a nonce or not. By default, a query nonce is always used and checked against the response's one. When the responder does not use nonces (e.g. Microsoft OCSP Responder), this option should be turned off
.
SSLOpenSSLConfCmd Directive
Description: | Configure OpenSSL parameters through its SSL_CONF API |
---|---|
Syntax: | SSLOpenSSLConfCmd command-name command-value |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
Compatibility: | Available in httpd 2.4.8 and later, if using OpenSSL 1.0.2 or later |
This directive exposes OpenSSL's SSL_CONF API to mod_ssl, allowing a flexible configuration of OpenSSL parameters without the need of implementing additional mod_ssl
directives when new features are added to OpenSSL.
The set of available SSLOpenSSLConfCmd
commands depends on the OpenSSL version being used for mod_ssl
(at least version 1.0.2 is required). For a list of supported command names, see the section Supported configuration file commands in theSSL_CONF_cmd(3) manual page for OpenSSL.
Some of the SSLOpenSSLConfCmd
commands can be used as an alternative to existing directives (such as SSLCipherSuite
or SSLProtocol
), though it should be noted that the syntax / allowable values for the parameters may sometimes differ.
Examples
SSLOptions Directive
Description: | Configure various SSL engine run-time options |
---|---|
Syntax: | SSLOptions [+|-]option ... |
Context: | server config, virtual host, directory, .htaccess |
Override: | Options |
Status: | Extension |
Module: | mod_ssl |
This directive can be used to control various run-time options on a per-directory basis. Normally, if multiple SSLOptions
could apply to a directory, then the most specific one is taken completely; the options are not merged. However if all the options on the SSLOptions
directive are preceded by a plus (+
) or minus (-
) symbol, the options are merged. Any options preceded by a +
are added to the options currently in force, and any options preceded by a -
are removed from the options currently in force.
The available options are:
StdEnvVars
When this option is enabled, the standard set of SSL related CGI/SSI environment variables are created. This per default is disabled for performance reasons, because the information extraction step is a rather expensive operation. So one usually enables this option for CGI and SSI requests only.
ExportCertData
When this option is enabled, additional CGI/SSI environment variables are created:
SSL_SERVER_CERT
,SSL_CLIENT_CERT
andSSL_CLIENT_CERT_CHAIN_
n (with n = 0,1,2,..). These contain the PEM-encoded X.509 Certificates of server and client for the current HTTPS connection and can be used by CGI scripts for deeper Certificate checking. Additionally all other certificates of the client certificate chain are provided, too. This bloats up the environment a little bit which is why you have to use this option to enable it on demand.FakeBasicAuth
When this option is enabled, the Subject Distinguished Name (DN) of the Client X509 Certificate is translated into a HTTP Basic Authorization username. This means that the standard Apache authentication methods can be used for access control. The user name is just the Subject of the Client's X509 Certificate (can be determined by running OpenSSL's
openssl x509
command:openssl x509 -noout -subject -in
certificate.crt
). Note that no password is obtained from the user. Every entry in the user file needs this password: ``xxj31ZMTZzkVA
'', which is the DES-encrypted version of the word `password
''. Those who live under MD5-based encryption (for instance under FreeBSD or BSD/OS, etc.) should use the following MD5 hash of the same word: ``$1$OXLyS...$Owx8s2/m9/gfkcRVXzgoE/
''.Note that the
AuthBasicFake
directive withinmod_auth_basic
can be used as a more general mechanism for faking basic authentication, giving control over the structure of both the username and password.StrictRequire
This forces forbidden access when
SSLRequireSSL
orSSLRequire
successfully decided that access should be forbidden. Usually the default is that in the case where a ``Satisfy any
'' directive is used, and other access restrictions are passed, denial of access due toSSLRequireSSL
orSSLRequire
is overridden (because that's how the ApacheSatisfy
mechanism should work.) But for strict access restriction you can useSSLRequireSSL
and/orSSLRequire
in combination with an ``SSLOptions +StrictRequire
''. Then an additional ``Satisfy Any
'' has no chance once mod_ssl has decided to deny access.OptRenegotiate
This enables optimized SSL connection renegotiation handling when SSL directives are used in per-directory context. By default a strict scheme is enabled where every per-directory reconfiguration of SSL parameters causes a full SSL renegotiation handshake. When this option is used mod_ssl tries to avoid unnecessary handshakes by doing more granular (but still safe) parameter checks. Nevertheless these granular checks sometimes may not be what the user expects, so enable this on a per-directory basis only, please.
LegacyDNStringFormat
This option influences how values of the
SSL_{CLIENT,SERVER}_{I,S}_DN
variables are formatted. Since version 2.3.11, Apache HTTPD uses a RFC 2253 compatible format by default. This uses commas as delimiters between the attributes, allows the use of non-ASCII characters (which are converted to UTF8), escapes various special characters with backslashes, and sorts the attributes with the "C" attribute last.If
LegacyDNStringFormat
is set, the old format will be used which sorts the "C" attribute first, uses slashes as separators, and does not handle non-ASCII and special characters in any consistent way.
Example
SSLPassPhraseDialog Directive
Description: | Type of pass phrase dialog for encrypted private keys |
---|---|
Syntax: | SSLPassPhraseDialog type |
Default: | SSLPassPhraseDialog builtin |
Context: | server config |
Status: | Extension |
Module: | mod_ssl |
When Apache starts up it has to read the various Certificate (see SSLCertificateFile
) and Private Key (see SSLCertificateKeyFile
) files of the SSL-enabled virtual servers. Because for security reasons the Private Key files are usually encrypted, mod_ssl needs to query the administrator for a Pass Phrase in order to decrypt those files. This query can be done in two ways which can be configured by type:
builtin
This is the default where an interactive terminal dialog occurs at startup time just before Apache detaches from the terminal. Here the administrator has to manually enter the Pass Phrase for each encrypted Private Key file. Because a lot of SSL-enabled virtual hosts can be configured, the following reuse-scheme is used to minimize the dialog: When a Private Key file is encrypted, all known Pass Phrases (at the beginning there are none, of course) are tried. If one of those known Pass Phrases succeeds no dialog pops up for this particular Private Key file. If none succeeded, another Pass Phrase is queried on the terminal and remembered for the next round (where it perhaps can be reused).
This scheme allows mod_ssl to be maximally flexible (because for N encrypted Private Key files you can use N different Pass Phrases - but then you have to enter all of them, of course) while minimizing the terminal dialog (i.e. when you use a single Pass Phrase for all N Private Key files this Pass Phrase is queried only once).
|/path/to/program [args...]
This mode allows an external program to be used which acts as a pipe to a particular input device; the program is sent the standard prompt text used for the
builtin
mode onstdin
, and is expected to write password strings onstdout
. If several passwords are needed (or an incorrect password is entered), additional prompt text will be written subsequent to the first password being returned, and more passwords must then be written back.exec:/path/to/program
Here an external program is configured which is called at startup for each encrypted Private Key file. It is called with two arguments (the first is of the form ``
servername:portnumber
'', the second is either ``RSA
'', ``DSA
'', ``ECC
'' or an integer index starting at 3 if more than three keys are configured), which indicate for which server and algorithm it has to print the corresponding Pass Phrase tostdout
. In versions 2.4.8 (unreleased) and 2.4.9, it is called with one argument, a string of the form ``servername:portnumber:index
'' (withindex
being a zero-based integer number), which indicate the server, TCP port and certificate number. The intent is that this external program first runs security checks to make sure that the system is not compromised by an attacker, and only when these checks were passed successfully it provides the Pass Phrase.Both these security checks, and the way the Pass Phrase is determined, can be as complex as you like. Mod_ssl just defines the interface: an executable program which provides the Pass Phrase on
stdout
. Nothing more or less! So, if you're really paranoid about security, here is your interface. Anything else has to be left as an exercise to the administrator, because local security requirements are so different.上面的重用算法也在这里使用。换句话说:每个唯一的密码短语仅调用一次外部程序。
例
SSLProtocol 指令
描述: | 配置可用的SSL / TLS协议版本 |
---|---|
句法: | SSLProtocol [+|-]protocol ... |
默认: | SSLProtocol all -SSLv3 (up to 2.4.16: all) |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
这个指令可以用来控制SSL / TLS协议在新连接中被接受的版本。
可用的(不区分大小写的)协议是:
SSLv3
这是来自Netscape Corporation的安全套接字层(SSL)协议3.0版。它是SSLv2的后继者,也是TLSv1的前身,但在RFC 7568中已弃用。
TLSv1
这是传输层安全(TLS)协议,版本1.0。它是SSLv3的继承者,在RFC 2246中进行了定义 。几乎每个客户都支持它。
TLSv1.1
(使用OpenSSL 1.0.1及更高版本时)RFC 4346中 定义的TLS 1.0协议的修订版本 。
TLSv1.2
(使用OpenSSL 1.0.1及更高版本时)RFC 5246中 定义的TLS 1.1协议的修订 。
all
+SSLv3 +TLSv1
当使用OpenSSL 1.0.1和更高版本时, 这是一个```` 或者`` '' 的快捷方式+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
(除了使用“no-ssl3”配置选项编译的OpenSSL版本,其中all
不包括+SSLv3
)。
例
SSLProxyCACertificateFile 指令
描述: | 用于远程服务器验证的连接的PEM编码的CA证书的文件 |
---|---|
句法: | SSLProxyCACertificateFile file-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
该指令设置了一体式文件,您可以在该文件中组装已处理远程服务器的证书颁发机构证书(CA)。这些用于远程服务器身份验证。这样的文件就是各种PEM编码证书文件的串联,按照优先顺序。这可以替代地和/或另外地使用 SSLProxyCACertificatePath
。
例
SSLProxyCACertificatePath 指令
描述: | 远程服务器认证的PEM编码的CA证书目录 |
---|---|
句法: | SSLProxyCACertificatePath directory-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
该指令设置您保存其所处理的远程服务器的证书颁发机构证书(CA)的目录。这些用于验证远程服务器身份验证上的远程服务器证书。
这个目录中的文件必须是PEM编码的,并通过哈希文件名来访问。所以通常你不能把证书文件放在那里:你还必须创建名为散列值的符号链接 .N
。你应该确保这个目录包含适当的符号链接。
例
SSLProxyCARevocationCheck 指令
描述: | 为远程服务器身份验证启用基于CRL的撤销检查 |
---|---|
句法: | SSLProxyCARevocationCheck chain|leaf|none |
默认: | SSLProxyCARevocationCheck none |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
启用证书吊销列表(CRL)检查您处理的 远程服务器。至少有一个 SSLProxyCARevocationFile
或SSLProxyCARevocationPath
必须配置。设置为chain
(推荐设置)时,将CRL检查应用于链中的所有证书,同时将其设置为 leaf
将检查限制为最终实体证书。
设置为chain
或时leaf
,CRL 必须可用于成功验证
Prior to version 2.3.15, CRL checking in mod_ssl also succeeded when no CRL(s) were found in any of the locations configured with SSLProxyCARevocationFile
or SSLProxyCARevocationPath
. With the introduction of this directive, the behavior has been changed: when checking is enabled, CRLs must be present for the validation to succeed - otherwise it will fail with an "unable to get certificate CRL"
error.
Example
SSLProxyCARevocationFile Directive
Description: | File of concatenated PEM-encoded CA CRLs for Remote Server Auth |
---|---|
Syntax: | SSLProxyCARevocationFile file-path |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. Such a file is simply the concatenation of the various PEM-encoded CRL files, in order of preference. This can be used alternatively and/or additionally to SSLProxyCARevocationPath
.
Example
SSLProxyCARevocationPath Directive
Description: | Directory of PEM-encoded CA CRLs for Remote Server Auth |
---|---|
Syntax: | SSLProxyCARevocationPath directory-path |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
This directive sets the directory where you keep the Certificate Revocation Lists (CRL) of Certification Authorities (CAs) whose remote servers you deal with. These are used to revoke the remote server certificate on Remote Server Authentication.
The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you have not only to place the CRL files there. Additionally you have to create symbolic links named hash-value.rN
. And you should always make sure this directory contains the appropriate symbolic links.
Example
SSLProxyCheckPeerCN Directive
Description: | Whether to check the remote server certificate's CN field |
---|---|
Syntax: | SSLProxyCheckPeerCN on|off |
Default: | SSLProxyCheckPeerCN on |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
This directive sets whether the remote server certificate's CN field is compared against the hostname of the request URL. If both are not equal a 502 status code (Bad Gateway) is sent. SSLProxyCheckPeerCN
is superseded by SSLProxyCheckPeerName
in release 2.4.5 and later.
In all releases 2.4.5 through 2.4.20, setting SSLProxyCheckPeerName off
was sufficient to enable this behavior (as the SSLProxyCheckPeerCN
default was on
.) In these releases, both directives must be set to off
to completely avoid remote server certificate name validation. Many users reported this to be very confusing.
As of release 2.4.21, all configurations which enable either one of the SSLProxyCheckPeerName
or SSLProxyCheckPeerCN
options will use the new SSLProxyCheckPeerName
behavior, and all configurations which disable either one of theSSLProxyCheckPeerName
or SSLProxyCheckPeerCN
options will suppress all remote server certificate name validation. Only the following configuration will trigger the legacy certificate CN comparison in 2.4.21 and later releases;
Example
SSLProxyCheckPeerExpire Directive
Description: | Whether to check if remote server certificate is expired |
---|---|
Syntax: | SSLProxyCheckPeerExpire on|off |
Default: | SSLProxyCheckPeerExpire on |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
This directive sets whether it is checked if the remote server certificate is expired or not. If the check fails a 502 status code (Bad Gateway) is sent.
Example
SSLProxyCheckPeerName Directive
Description: | Configure host name checking for remote server certificates |
---|---|
Syntax: | SSLProxyCheckPeerName on|off |
Default: | SSLProxyCheckPeerName on |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
Compatibility: | Apache HTTP Server 2.4.5 and later |
This directive configures host name checking for server certificates when mod_ssl is acting as an SSL client. The check will succeed if the host name from the request URI matches one of the CN attribute(s) of the certificate's subject, or matches the subjectAltName extension. If the check fails, the SSL request is aborted and a 502 status code (Bad Gateway) is returned.
Wildcard matching is supported for specific cases: an subjectAltName entry of type dNSName, or CN attributes starting with *.
will match with any host name of the same number of name elements and the same suffix. E.g. *.example.org
will match foo.example.org
, but will not match foo.bar.example.org
, because the number of elements in the respective host names differs.
This feature was introduced in 2.4.5 and superseded the behavior of the SSLProxyCheckPeerCN
directive, which only tested the exact value in the first CN attribute against the host name. However, many users were confused by the behavior of using these directives individually, so the mutual behavior of SSLProxyCheckPeerName
and SSLProxyCheckPeerCN
directives were improved in release 2.4.21. See the SSLProxyCheckPeerCN
directive description for the original behavior and details of these improvements.
SSLProxyCipherSuite Directive
Description: | Cipher Suite available for negotiation in SSL proxy handshake |
---|---|
Syntax: | SSLProxyCipherSuite cipher-spec |
Default: | SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP |
Context: | server config, virtual host, directory, .htaccess |
Override: | AuthConfig |
Status: | Extension |
Module: | mod_ssl |
Equivalent to SSLCipherSuite
, but for the proxy connection. Please refer to SSLCipherSuite
for additional information.
SSLProxyEngine Directive
Description: | SSL Proxy Engine Operation Switch |
---|---|
Syntax: | SSLProxyEngine on|off |
Default: | SSLProxyEngine off |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
This directive toggles the usage of the SSL/TLS Protocol Engine for proxy. This is usually used inside a <VirtualHost>
section to enable SSL/TLS for proxy usage in a particular virtual host. By default the SSL/TLS Protocol Engine is disabled for proxy both for the main server and all configured virtual hosts.
Note that the SSLProxyEngine
directive should not, in general, be included in a virtual host that will be acting as a forward proxy (using <Proxy>
or ProxyRequests
directives). SSLProxyEngine
is not required to enable a forward proxy server to proxy SSL/TLS requests.
Example
SSLProxyMachineCertificateChainFile Directive
Description: | File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate |
---|---|
Syntax: | SSLProxyMachineCertificateChainFile filename |
Context: | server config |
Status: | Extension |
Module: | mod_ssl |
This directive sets the all-in-one file where you keep the certificate chain for all of the client certs in use. This directive will be needed if the remote server presents a list of CA certificates that are not direct signers of one of the configured client certificates.
This referenced file is simply the concatenation of the various PEM-encoded certificate files. Upon startup, each client certificate configured will be examined and a chain of trust will be constructed.
Security warning
If this directive is enabled, all of the certificates in the file will be trusted as if they were also in SSLProxyCACertificateFile
.
Example
SSLProxyMachineCertificateFile Directive
Description: | File of concatenated PEM-encoded client certificates and keys to be used by the proxy |
---|---|
Syntax: | SSLProxyMachineCertificateFile filename |
Context: | server config |
Status: | Extension |
Module: | mod_ssl |
This directive sets the all-in-one file where you keep the certificates and keys used for authentication of the proxy server to remote servers.
This referenced file is simply the concatenation of the various PEM-encoded certificate files, in order of preference. Use this directive alternatively or additionally to SSLProxyMachineCertificatePath
.
Currently there is no support for encrypted private keys
Example
SSLProxyMachineCertificatePath Directive
Description: | Directory of PEM-encoded client certificates and keys to be used by the proxy |
---|---|
Syntax: | SSLProxyMachineCertificatePath directory |
Context: | server config |
Status: | Extension |
Module: | mod_ssl |
This directive sets the directory where you keep the certificates and keys used for authentication of the proxy server to remote servers.
The files in this directory must be PEM-encoded and are accessed through hash filenames. Additionally, you must create symbolic links named hash-value.N
. And you should always make sure this directory contains the appropriate symbolic links.
Currently there is no support for encrypted private keys
Example
SSLProxyProtocol Directive
Description: | Configure usable SSL protocol flavors for proxy usage |
---|---|
Syntax: | SSLProxyProtocol [+|-]protocol ... |
Default: | SSLProxyProtocol all -SSLv3 (up to 2.4.16: all) |
Context: | server config, virtual host |
Override: | Options |
Status: | Extension |
Module: | mod_ssl |
This directive can be used to control the SSL protocol flavors mod_ssl should use when establishing its server environment for proxy . It will only connect to servers using one of the provided protocols.
Please refer to SSLProtocol
for additional information.
SSLProxyVerify Directive
Description: | Type of remote server Certificate verification |
---|---|
Syntax: | SSLProxyVerify level |
Default: | SSLProxyVerify none |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
When a proxy is configured to forward requests to a remote SSL server, this directive can be used to configure certificate verification of the remote server.
The following levels are available for level:
- none: no remote server Certificate is required at all
- optional: the remote server may present a valid Certificate
- require: the remote server has to present a valid Certificate
- optional_no_ca: the remote server may present a valid Certificate
but it need not to be (successfully) verifiable.
In practice only levels none and require are really interesting, because level optional doesn't work with all servers and level optional_no_ca is actually against the idea of authentication (but can be used to establish SSL test pages, etc.)
Example
SSLProxyVerifyDepth Directive
Description: | Maximum depth of CA Certificates in Remote Server Certificate verification |
---|---|
Syntax: | SSLProxyVerifyDepth number |
Default: | SSLProxyVerifyDepth 1 |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ssl |
该指令设置了mod_ssl在确定远程服务器没有有效证书之前应该验证的深度。
深度实际上是中间证书颁发者的最大数量,即验证远程服务器证书时最大允许遵循的CA证书的数量。深度为0表示仅接受自签名的远程服务器证书,默认深度为1意味着远程服务器证书可以是自签名的,或者必须由服务器直接知晓的CA签名(即CA的证书在SSLProxyCACertificatePath
)等等
例
SSLRandomSeed 指令
描述: | 伪随机数发生器(PRNG)播种源 |
---|---|
句法: | SSLRandomSeed context source [bytes] |
语境: | 服务器配置 |
状态: | 延期 |
模块: | 了mod_ssl |
这在启动时(上下文是 startup
)和/或就在建立新的SSL连接(上下文是connect
)之前配置一个或多个在OpenSSL中为伪随机数生成器(PRNG)播种的源。该指令只能在全局服务器上下文中使用,因为PRNG是全局工具。
以下源代码版本可用:
builtin
这是始终可用的内置播种源。它的使用在运行时消耗最少的CPU周期,因此可以始终使用,没有缺点。用于播种PRNG的源包含当前时间,当前进程ID和(当适用时)Apache的进程间记分板结构的随机选择的1KB摘录。缺点是,这不是一个强大的来源,并在启动时(记分牌仍然不可用),这个来源只产生几个字节的熵。所以你应该至少在启动时使用额外的播种源。
file:/path/to/source
该变体使用外部文件
/path/to/source
作为种子PRNG的源。当字节被指定时,只有第一个字节的文件的字节数形成熵(和 字节被提供给/path/to/source
作为第一个参数)。当字节未被指定时,整个文件形成熵(并且0
被赋予/path/to/source
作为第一个参数)。尤其是在启动时使用它,例如使用可用/dev/random
和/或/dev/urandom
设备(通常存在于FreeBSD和Linux等现代Unix衍生产品中)。但要小心:通常
/dev/random
只提供与实际相同的熵数据,即当您请求512字节的熵时,但设备当前只有100个字节可用,则可能发生两件事:在某些平台上,只有100个字节处于打开状态其他平台的读取块直到有足够的字节可用(可能需要很长时间)。这里使用现有/dev/urandom
的更好,因为它永远不会阻塞,并且实际上提供了所需的数据量。缺点是收到的数据质量可能不是最好的。exec:/path/to/program
该变体使用外部可执行文件
/path/to/program
作为种子PRNG的源。当指定字节时,只有其内容字节的第一个 字节数stdout
形成熵。当没有指定字节时,整个数据就stdout
形成了熵。只有在启动的时候才需要使用它,当你需要一个非常强大的种子在外部程序的帮助下(例如在上面的例子中,truerand
你可以在mod_ssl发行版本中找到该实用程序,该发行版基于AT&T的 truerand图书馆)。当然,在连接上下文中使用这个过于缓慢,服务器速度太快了。所以通常你应该避免在这种情况下使用外部程序。egd:/path/to/egd-socket
(仅适用于Unix)该变体使用外部熵收集守护程序(EGD)的Unix域套接字(请参见http://www.lothar.com/tech/crypto/)来种子PRNG。如果您的平台上没有随机设备,请使用此选项。
例
SSLRenegBufferSize 指令
描述: | 设置SSL重新协商缓冲区的大小 |
---|---|
句法: | SSLRenegBufferSize bytes |
默认: | SSLRenegBufferSize 131072 |
语境: | 目录,.htaccess |
覆盖: | AuthConfig |
状态: | 延期 |
模块: | 了mod_ssl |
如果在每个位置上下文中需要SSL重新协商,例如,SSLVerifyClient
在目录或位置块中的任何使用,则mod_ssl
必须将任何HTTP请求主体缓冲到内存中,直到可以执行新的SSL握手为止。该指令可用于设置将用于此缓冲区的内存量。
请注意,在许多配置中,发送请求主体的客户端将不可信,因此在更改此配置设置时,必须考虑由消耗内存导致的拒绝服务攻击。
例
SSLRequire 指令
描述: | 仅当任意复杂的布尔表达式为真时才允许访问 |
---|---|
句法: | SSLRequire expression |
语境: | 目录,.htaccess |
覆盖: | AuthConfig |
状态: | 延期 |
模块: | 了mod_ssl |
SSLRequire已弃用
SSLRequire
is deprecated and should in general be replaced by Require expr. The so called ap_expr syntax of Require expr
is a superset of the syntax of SSLRequire
, with the following exception:
In SSLRequire
, the comparison operators <
, <=
, ... are completely equivalent to the operators lt
, le
, ... and work in a somewhat peculiar way that first compares the length of two strings and then the lexical order. On the other hand, ap_expr has two sets of comparison operators: The operators <
, <=
, ... do lexical string comparison, while the operators -lt
, -le
, ... do integer comparison. For the latter, there are also aliases without the leading dashes: lt
, le
, ...
This directive specifies a general access requirement which has to be fulfilled in order to allow access. It is a very powerful directive because the requirement specification is an arbitrarily complex boolean expression containing any number of access checks.
The expression must match the following syntax (given as a BNF grammar notation):
expr ::= "true" | "false" | "!" expr | expr "&&" expr | expr "||" expr | "(" expr ")" | comp comp ::= word "==" word | word "eq" word | word "!=" word | word "ne" word | word "<" word | word "lt" word | word "<=" word | word "le" word | word ">" word | word "gt" word | word ">=" word | word "ge" word | word "in" "{" wordlist "}" | word "in" "PeerExtList(" word ")" | word "=~" regex | word "!~" regex wordlist ::= word | wordlist "," word word ::= digit | cstring | variable | function digit ::= [0-9]+ cstring ::= "..." variable ::= "%{" varname "}" function ::= funcname "(" funcargs ")"
For varname
any of the variables described in Environment Variables can be used. For funcname
the available functions are listed in the ap_expr documentation.
The expression is parsed into an internal machine representation when the configuration is loaded, and then evaluated during request processing. In .htaccess context, the expression is both parsed and executed each time the .htaccess file is encountered during request processing.
Example
The PeerExtList(object-ID)
function expects to find zero or more instances of the X.509 certificate extension identified by the given object ID (OID) in the client certificate. The expression evaluates to true if the left-hand side string matches exactly against the value of an extension identified with this OID. (If multiple extensions with the same OID are present, at least one extension must match).
Example
Notes on the PeerExtList function
-
The object ID can be specified either as a descriptive name recognized by the SSL library, such as
"nsComment"
, or as a numeric OID, such as"1.2.3.4.5.6"
. -
Expressions with types known to the SSL library are rendered to a string before comparison. For an extension with a type not recognized by the SSL library, mod_ssl will parse the value if it is one of the primitive ASN.1 types UTF8String, IA5String, VisibleString, or BMPString. For an extension of one of these types, the string value will be converted to UTF-8 if necessary, then compared against the left-hand-side expression.
See also
- Environment Variables in Apache HTTP Server, for additional examples.
- Require expr
- Generic expression syntax in Apache HTTP Server
SSLRequireSSL Directive
Description: | Deny access when SSL is not used for the HTTP request |
---|---|
Syntax: | SSLRequireSSL |
Context: | directory, .htaccess |
Override: | AuthConfig |
Status: | Extension |
Module: | mod_ssl |
This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for the current connection. This is very handy inside the SSL-enabled virtual host or directories for defending against configuration errors that expose stuff that should be protected. When this directive is present all requests are denied which are not using SSL.
Example
SSLSessionCache Directive
Description: | Type of the global/inter-process SSL Session Cache |
---|---|
Syntax: | SSLSessionCache type |
Default: | SSLSessionCache none |
Context: | server config |
Status: | Extension |
Module: | mod_ssl |
This configures the storage type of the global/inter-process SSL Session Cache. This cache is an optional facility which speeds up parallel request processing. For requests to the same server process (via HTTP keep-alive), OpenSSL already caches the SSL session information locally. But because modern clients request inlined images and other data via parallel requests (usually up to four parallel requests are common) those requests are served by different pre-forked server processes. Here an inter-process cache helps to avoid unnecessary session handshakes.
The following five storage types are currently supported:
none
This disables the global/inter-process Session Cache. This will incur a noticeable speed penalty and may cause problems if using certain browsers, particularly if client certificates are enabled. This setting is not recommended.
nonenotnull
This disables any global/inter-process Session Cache. However it does force OpenSSL to send a non-null session ID to accommodate buggy clients that require one.
dbm:/path/to/datafile
This makes use of a DBM hashfile on the local disk to synchronize the local OpenSSL memory caches of the server processes. This session cache may suffer reliability issues under high load. To use this, ensure that
mod_socache_dbm
is loaded.shmcb:/path/to/datafile
[(
size)
]This makes use of a high-performance cyclic buffer (approx. size bytes in size) inside a shared memory segment in RAM (established via
/path/to/datafile
) to synchronize the local OpenSSL memory caches of the server processes. This is the recommended session cache. To use this, ensure thatmod_socache_shmcb
is loaded.dc:UNIX:/path/to/socket
This makes use of the distcache distributed session caching libraries. The argument should specify the location of the server or proxy to be used using the distcache address syntax; for example,
UNIX:/path/to/socket
specifies a UNIX domain socket (typically a local dc_client proxy);IP:server.example.com:9001
specifies an IP address. To use this, ensure thatmod_socache_dc
is loaded.
Examples
该ssl-cache
互斥用于串行访问会话缓存以防止腐败。这个互斥量可以使用Mutex
指令进行配置。
SSLSessionCacheTimeout 指令
描述: | 会话缓存中SSL会话过期之前的秒数 |
---|---|
句法: | SSLSessionCacheTimeout seconds |
默认: | SSLSessionCacheTimeout 300 |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 也适用于Apache 2.4.10及更高版本中的RFC 5077 TLS会话恢复 |
该指令为存储在全局/进程间SSL会话缓存,OpenSSL内部缓存以及TLS会话恢复(RFC 5077)恢复的会话中的信息设置超时时间(以秒为单位)。对于测试,它可以设置为15,但在实际生活中应该设置为更高的值,例如300。
例
SSLSessionTicketKeyFile 指令
描述: | TLS会话票据的持久加密/解密密钥 |
---|---|
句法: | SSLSessionTicketKeyFile file-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 在httpd 2.4.0及更高版本中可用,如果使用OpenSSL 0.9.8h或更高版本 |
根据RFC 5077的定义,可选择配置一个密钥来加密和解密TLS会话票据 。主要适用于TLS会话信息应该在多个节点之间共享的群集环境。对于单实例httpd设置,建议不要配置票证密钥文件,而是在启动时依赖由mod_ssl生成的(随机)密钥。
票证密钥文件必须包含48个字节的随机数据,最好由高熵源创建。在基于Unix的系统上,可以如下创建票据密钥文件:
dd if=/dev/random of=/path/to/file.tkey bs=1 count=48
票据密钥应该经常旋转(替换),因为这是使现有会话票证失效的唯一方法 - OpenSSL当前不允许指定票据生存期的限制。重新启动Web服务器后,只能使用新票证密钥。所有现有的会话票证在重新启动后都会失效。
票证密钥文件包含敏感的密钥材料,应使用类似于所使用的文件许可权来保护 SSLCertificateKeyFile
。
SSLSessionTickets 指令
描述: | 启用或禁用TLS会话票证的使用 |
---|---|
句法: | SSLSessionTickets on|off |
默认: | SSLSessionTickets on |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 在httpd 2.4.11及更高版本中可用,如果使用OpenSSL 0.9.8f或更高版本。 |
该指令允许启用或禁用TLS会话票证(RFC 5077)的使用。
TLS会话票据默认启用。使用它们而不必以适当的频率(例如每天)重新启动web服务器就可以实现完美的前向保密。
SSLSRPUnknownUserSeed 指令
描述: | SRP未知的用户种子 |
---|---|
句法: | SSLSRPUnknownUserSeed secret-string |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 在httpd 2.4.4及更高版本中可用,如果使用OpenSSL 1.0.1或更高版本 |
此伪指令设置用于伪造未知用户的SRP用户参数的种子,以避免泄露给定用户是否存在。指定一个秘密字符串。如果不使用此指令,则Apache将向指定未知用户名的客户端返回UNKNOWN_PSK_IDENTITY警报。
例
SSLSRPUnknownUserSeed "secret"
SSLSRPVerifierFile 指令
描述: | SRP验证程序文件的路径 |
---|---|
句法: | SSLSRPVerifierFile file-path |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 在httpd 2.4.4及更高版本中可用,如果使用OpenSSL 1.0.1或更高版本 |
此指令启用TLS-SRP,并设置包含TLS-SRP用户名,验证程序,盐和组参数的OpenSSL SRP(安全远程密码)验证程序文件的路径。
例
SSLSRPVerifierFile "/path/to/file.srpv"
验证程序文件可以使用openssl
命令行工具创建:
创建SRP验证程序文件
openssl srp -srpvfile passwd.srpv -userinfo "some info" -add username
在可选-userinfo
参数中给出的值在SSL_SRP_USERINFO
请求环境变量中是可用的。
SSLStaplingCache 指令
描述: | 配置OCSP装订高速缓存 |
---|---|
句法: | SSLStaplingCache type |
语境: | 服务器配置 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 如果使用OpenSSL 0.9.8h或更高版本,则可用 |
如果SSLUseStapling
启用,则配置用于存储包含在TLS握手中的OCSP响应的高速缓存。OCSP装订必须配置缓存。除了none
和nonenotnull
,与支持相同的存储类型 SSLSessionCache
。
SSLStaplingErrorCacheTimeout 指令
描述: | 在OCSP装订高速缓存中过期无效响应之前的秒数 |
---|---|
句法: | SSLStaplingErrorCacheTimeout seconds |
默认: | SSLStaplingErrorCacheTimeout 600 |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 如果使用OpenSSL 0.9.8h或更高版本,则可用 |
设置OCSP装订高速缓存(通过)中的无效响应SSLStaplingCache
将到期之前的超时时间(以秒为单位)。要设置有效响应的高速缓存超时,请参阅 SSLStaplingStandardCacheTimeout
。
SSLStaplingFakeTryLater 指令
描述: | 针对失败的OCSP装订查询合成“tryLater”响应 |
---|---|
句法: | SSLStaplingFakeTryLater on|off |
默认: | SSLStaplingFakeTryLater on |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 如果使用OpenSSL 0.9.8h或更高版本,则可用 |
启用并且针对OCSP响应者的装订目的查询失败时,mod_ssl将合成客户端的“tryLater”响应。只有在有效的情况下才有效SSLStaplingReturnResponderErrors
。
SSLStaplingForceURL 指令
描述: | 覆盖证书的AIA扩展中指定的OCSP响应者URI |
---|---|
句法: | SSLStaplingForceURL uri |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 如果使用OpenSSL 0.9.8h或更高版本,则可用 |
该指令覆盖从证书的authorityInfoAccess(AIA)扩展中获得的OCSP响应者的URI。一个潜在的用途是何时使用代理来检索OCSP查询。
SSLStaplingResponderTimeout 指令
描述: | OCSP装订查询超时 |
---|---|
句法: | SSLStaplingResponderTimeout seconds |
默认: | SSLStaplingResponderTimeout 10 |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 如果使用OpenSSL 0.9.8h或更高版本,则可用 |
该选项设置查询的超时时间,如果 SSLUseStapling
启用且mod_ssl正在查询响应者OCSP装订的目的。
SSLStaplingResponseMaxAge 指令
描述: | OCSP装订响应的最大允许年龄 |
---|---|
句法: | SSLStaplingResponseMaxAge seconds |
默认: | SSLStaplingResponseMaxAge -1 |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 如果使用OpenSSL 0.9.8h或更高版本,则可用 |
这个选项设定考虑到装订目的的OCSP响应(即何时SSLUseStapling
打开)时的最大允许年龄(“新鲜度”) 。默认值(-1
)不强制实现最大年龄,这意味着只要nextUpdate
字段在将来,OCSP响应就被认为是有效 的。
SSLStaplingResponseTimeSkew 指令
描述: | OCSP装订响应验证的最大允许时间偏差 |
---|---|
句法: | SSLStaplingResponseTimeSkew seconds |
默认: | SSLStaplingResponseTimeSkew 300 |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 如果使用OpenSSL 0.9.8h或更高版本,则可用 |
此选项设置当mod_ssl检查包含在TLS握手(OCSP装订)中的OCSP响应thisUpdate
和nextUpdate
字段时,允许的最大时间偏差 。仅在SSLUseStapling
打开时适用。
SSLStaplingReturnResponderErrors 指令
描述: | 将装订相关的OCSP错误传递到客户端 |
---|---|
句法: | SSLStaplingReturnResponderErrors on|off |
默认: | SSLStaplingReturnResponderErrors on |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 如果使用OpenSSL 0.9.8h或更高版本,则可用 |
启用后,mod_ssl会将不成功的订阅相关OCSP查询(例如“成功”以外的整体状态的响应,非“良好”证书状态的响应,过期响应等)的响应传递给客户端。如果设置为off
,则仅在TLS握手中包含指示证书状态为“好”的响应。
SSLStaplingStandardCacheTimeout 指令
描述: | 在OCSP装订高速缓存中过期之前的秒数 |
---|---|
句法: | SSLStaplingStandardCacheTimeout seconds |
默认: | SSLStaplingStandardCacheTimeout 3600 |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 如果使用OpenSSL 0.9.8h或更高版本,则可用 |
设置OCSP装订高速缓存(通过配置SSLStaplingCache
)中的响应将到期之前的超时时间(以秒为单位)。该指令适用于有效响应,而 SSLStaplingErrorCacheTimeout
用于控制无效/不可用响应的超时。
SSLStrictSNIVHostCheck 指令
描述: | 是否允许非SNI客户端访问基于名称的虚拟主机。 |
---|---|
句法: | SSLStrictSNIVHostCheck on|off |
默认: | SSLStrictSNIVHostCheck off |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 在Apache 2.2.12和更高版本中可用 |
该指令设置是否允许非SNI客户端访问基于名称的虚拟主机。如果设置为on
默认的基于名称的虚拟主机,SNI不知道的客户端将不被允许访问 属于该特定IP /端口组合的任何虚拟主机。如果on
在任何其他虚拟主机中设置,SNI不知道的客户端不允许访问这个特定的虚拟主机。
这个选项只有在httpd是针对支持SNI的版本的OpenSSL进行编译时才可用。
例
SSLUserName 指令
描述: | 变量名确定用户名 |
---|---|
句法: | SSLUserName varname |
语境: | 服务器配置,目录,.htaccess |
覆盖: | AuthConfig |
状态: | 延期 |
模块: | 了mod_ssl |
该指令在Apache请求对象中设置“user”字段。这由较低的模块用字符串标识用户。特别是,这可能会导致环境变量 REMOTE_USER
被设置。该VARNAME可以是任何的SSL环境变量。
请注意,如果使用该FakeBasicAuth
选项,则此伪指令不起作用 (请参阅SSLOptions)。
例
SSLUseStapling 指令
描述: | 在TLS握手中启用OCSP响应的装订 |
---|---|
句法: | SSLUseStapling on|off |
默认: | SSLUseStapling off |
语境: | 服务器配置,虚拟主机 |
状态: | 延期 |
模块: | 了mod_ssl |
兼容性: | 如果使用OpenSSL 0.9.8h或更高版本,则可用 |
此选项启用OCSP装订,如RFC 6066中指定的“证书状态请求”TLS扩展所定义的。如果已启用(并由客户端请求),则mod_ssl将在TLS握手中为其自己的证书添加一个OCSP响应。配置 SSLStaplingCache
是启用OCSP装订的先决条件。
OCSP装订减轻了客户自己查询OCSP响应的难度,但是应该注意的是,在RFC 6066规范中,服务器的CertificateStatus
回复可能只包括针对单个证书的OCSP响应。对于在其链中具有中间CA证书的服务器证书(当今的典型情况),因此当前实现中的装订仅部分实现了“节省往返和资源”的既定目标 - 也参见 RFC 6961 (TLS多证书状态扩展)。
启用OCSP装订时,ssl-stapling
互斥锁用于控制对OCSP装订高速缓存的访问,以防止损坏,并使用sss-stapling-refresh
互斥锁来控制OCSP响应的刷新。这些互斥体可以使用Mutex
指令进行配置 。
SSLVerifyClient 指令
描述: | 客户证书类型验证 |
---|---|
句法: | SSLVerifyClient level |
默认: | SSLVerifyClient none |
语境: | 服务器配置,虚拟主机,目录,.htaccess |
覆盖: | AuthConfig |
状态: | 延期 |
模块: | 了mod_ssl |
此伪指令为客户端身份验证设置证书验证级别。注意这个指令可以用在每个服务器和每个目录的上下文中。在每服务器上下文中,它适用于在建立连接时在标准SSL握手中使用的客户端身份验证过程。在每个目录上下文中,在HTTP请求被读取之后但在发送HTTP响应之前,它强制使用重新配置的客户端验证级别的SSL重新协商。
以下级别可用于级别:
- none:没有客户证书是必需的
- 可选:客户可以出示有效的证书
- 要求:客户必须出示有效的证书
- optional_no_ca:客户可以提供有效的证书,
但不需要(成功)可验证。客户端身份验证不能依赖此选项。
例
SSLVerifyDepth 指令
描述: | 客户端证书验证中CA证书的最大深度 |
---|---|
句法: | SSLVerifyDepth number |
默认: | SSLVerifyDepth 1 |
语境: | 服务器配置,虚拟主机,目录,.htaccess |
覆盖: | AuthConfig |
状态: | 延期 |
模块: | 了mod_ssl |
这个指令设置mod_ssl在确定客户端没有有效证书之前应该进行多深的验证。注意这个指令可以用在每个服务器和每个目录的上下文中。在每服务器上下文中,它适用于在建立连接时在标准SSL握手中使用的客户端身份验证过程。在每个目录上下文中,在HTTP请求被读取之后但在HTTP响应被发送之前,它强制使用重新配置的客户端验证深度的SSL重新协商。
深度实际上是中间证书颁发者的最大数量,即验证客户端证书时最大允许遵循的CA证书的数量。深度为0表示仅接受自签名客户端证书,默认深度为1意味着客户端证书可以是自签名的,或者必须由服务器直接知道的CA签名(即,CA的证书是下SSLCACertificatePath
)等