On Wed, Apr 2, 2014 at 7:21 PM, <[email protected]> wrote: > Author: ylavic > Date: Wed Apr 2 17:21:28 2014 > New Revision: 1584098 > > URL: http://svn.apache.org/r1584098 > Log: > mod_ssl: follow up to r1583191. > > New SSLOCSPUseRequestNonce directive's manual and CHANGES. > [snip] > > Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=1584098&r1=1584097&r2=1584098&view=diff > ============================================================================== > --- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original) > +++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Wed Apr 2 17:21:28 2014 > @@ -2278,6 +2278,23 @@ which means that OCSP responses are cons > </directivesynopsis> > > <directivesynopsis> > +<name>SSLOCSPUseRequestNonce</name> > +<description>Use a nonce within OCSP queries</description> > +<syntax>SSLOCSPUseRequestNonce on|off</syntax> > +<default>SSLOCSPUseRequestNonce on</default> > +<contextlist><context>server config</context> > +<context>virtual host</context></contextlist> > +<compatibility>Available in httpd 2.4.10 and later, if using OpenSSL 0.9.7 > or later</compatibility>
I had to use the next version number here, while it is abviously not yet accepted for backport. What is the procedure in this case? > + > +<usage> > +<p>This option determines whether queries to OCSP responders should contain > +a nonce or not. By default, a query nonce is always used and checked against > +the response's one. When the responder does not use nonces (eg. Microsoft > OCSP > +Responder), this option ought to be turned <code>off</code>.</p> > +</usage> > +</directivesynopsis> > + > +<directivesynopsis> > <name>SSLInsecureRenegotiation</name> > <description>Option to enable support for insecure > renegotiation</description> > <syntax>SSLInsecureRenegotiation on|off</syntax> >
