Chapter 10. SSL/TLS Support

The mod_ssl module adds support for SSL/TLS, which provides the ability to encrypt all data exchanged between the client and server, and to authenticate the server to the client and vice versa.

Note that name-based virtual hosts do not work properly with SSL/TLS because the hostname of the virtual host, taken from the Host HTTP header, is required to locate the appropriate server certificate to set up the connection but is not available until after the secure connection has been established.

Secure Server Options

SSLCryptoDevice

Context: S | Module: mod_ssl (E) | Default: builtin

SSLCryptoDevice { engine | builtin }

Compatibility: 2.1 and later

The value engine enables the use of a hardware accelerator board; this is only available if the SSL toolkit was built with “engine” support.

SSLEngine

Context: SV | Module: mod_ssl (E) | Default: OFF

SSLEngine { ON | OFF | Optional }

Enables or disables the operation of the SSL/TLS protocol engine. As of Apache 2.1, the value Optional can be specified to allow clients to upgrade an HTTP connection to TLS (RFC 2817).

SSLOptions

Context: SVDH (Options) | Module: mod_ssl (E)

SSLOptions {[+|-] option} ...

Sets various runtime options. The available options are:

StdEnvVars

Enables the creation of SSL-related CGI/SSI environment variables. Disabled by default for performance reasons.

ExportCertData

Creates additional CGI/SSI environment variables to hold the PEM-encoded client and server certificates for the current connection. This is disabled by default as it significantly increases the amount of information put into the environment. ...
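The configuration below is an added example, not taken from the book. It shows where each of the three directives may be placed according to its context codes, and how SSLOptions can be scoped so that only CGI scripts receive the SSL variables. The address, hostname, and file paths are placeholders; SSLCertificateFile and SSLCertificateKeyFile are standard mod_ssl directives not covered in this excerpt.

```apache
# Added example; the address, hostname and paths are placeholders.

# Context S: SSLCryptoDevice (2.1 and later) is set in the main server
# configuration, outside any <VirtualHost> block. "builtin" is the default.
SSLCryptoDevice builtin

Listen 443

# IP-based virtual host: the server certificate is selected by address
# and port, so the Host header is not needed to set up the connection.
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    DocumentRoot "/var/www/secure"

    # Context SV: enable the SSL/TLS engine for this virtual host only.
    # The default is OFF, so other virtual hosts stay plain HTTP.
    SSLEngine on
    SSLCertificateFile    "/etc/httpd/conf/ssl/server.crt"
    SSLCertificateKeyFile "/etc/httpd/conf/ssl/server.key"

    # Context SVDH: SSLOptions may be set per directory.
    # Both options are already off by default; they are stated explicitly
    # here so the virtual-host-wide policy is visible in the file.
    SSLOptions -StdEnvVars -ExportCertData

    <Directory "/var/www/secure/cgi-bin">
        Options +ExecCGI
        SetHandler cgi-script
        # Only requests for these scripts pay the cost of creating the
        # SSL-related environment variables. ExportCertData stays off,
        # so the PEM-encoded certificates are not placed in the environment.
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
```

Because the directory-level SSLOptions uses the + prefix, it is merged with the virtual-host setting rather than replacing it.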
