Apache 2.4 documentation misunderstanding?

I'm not sure whether it's me or there's something wrong with the Apache documentation, but I think it is misleading quite often.



Example:



http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html



Your SSL configuration will need to contain, at minimum, the following directives.



LoadModule ssl_module modules/mod_ssl.so

Listen 443
<VirtualHost *:443>
ServerName www.example.com
SSLEngine on
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
</VirtualHost>


So from the above, I assume that the SSLEngine directive is a must.



Now in https://httpd.apache.org/docs/2.4/mod/mod_ssl.html



SSLEngine Directive
Description: SSL Engine Operation Switch
Syntax: SSLEngine on|off|optional
Default: SSLEngine off
Context: server config, virtual host
Status: Extension
Module: mod_ssl

This directive toggles the usage of the SSL/TLS Protocol Engine. This is should be used inside a <VirtualHost> section to enable SSL/TLS for a that virtual host. By default the SSL/TLS Protocol Engine is disabled for both the main server and all configured virtual hosts.
Example

<VirtualHost _default_:443>
SSLEngine on
#...
</VirtualHost>

In Apache 2.1 and later, SSLEngine can be set to optional. This enables support for RFC 2817, Upgrading to TLS Within HTTP/1.1. At this time no web browsers support RFC 2817.


Especially the part where it says - by default the SSL/TLS Protocol Engine is disabled for both the main server and all configured virtual hosts.



First, I don't understand what they actually mean when saying SSL/TLS Protocol engine. As I understand, to enable SSL/TLS support we need to install the mod_ssl module as it is not installed by default - is this the engine they talk about?



Second, once mod_ssl is installed httpd starts to listen not only on 80 but on 443 as well.



Third, when I look at the ssl.conf configuration file, there's the following line SSLEngine on. The Apache documentation says that the main server config and whatever comes after before e.g. Virtual Hosts directives is parsed into one - so why do I need the SSLEngine directive in each VirtualHost?



Fourth, I have created two Virtual Hosts e.g. and defined the ServerName directive for each host and the SSLCertificate directives, so that each will respond with the right certificate depending on the SNI value sent by the browser AND I did NOT include the SSLEngine directive inside the two Virtual Hosts and the web content is served via https and Apache returns the correct SSL certificates.



Why does the documentation say it is required but it works without?



Looking forward to your comments!



PS. Remember I'm only human. I spent a fair amount on reading the documentation and on reproductions - if I missed something, please apologize, it was not due to laziness, sometimes we may overlook simple things that are right in front of our nose.







asked Mar 23 at 19:44 by yesOrMaybeWhatever

1 Answer






I will try to help:

1) The SSL Protocol engine is exactly that, the engine that drives the SSL protocol (a.k.a. HTTPS). That engine is provided by mod_ssl but it is not enabled by default as that would consume extra resources. It is so much different than the HTTP protocol, it needed its own designation, HTTPS.

2) The opening of port 443 and the enabling of SSLEngine only happen due to your operating system maintainers packaging that configuration into the mod_ssl package. With Apache built and installed directly from source, the default behavior is as the documentation describes.

3) The ssl.conf file is provided by your distribution maintainers; neither Apache nor the Apache documentation knows anything about it, so they just document the defaults. I am not sure what the contents are for your system, but most likely you are to include it into each of your virtual hosts, as the Apache documentation states SSLEngine should be used inside a virtualhost configuration. It needs to be enabled in each virtual host so as not to consume resources where it is not needed.

4) If it is working for you like that, then most likely it is another convenience provided by your operating system. Apache has no idea how each operating system will configure Apache in their packages so they only describe the most basic, default behavior. You could go through all the Apache configuration files provided by your distribution and see how they each affect Apache's behavior; you can learn a lot that way.






answered Mar 23 at 21:18 by GracefulRestart
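
One way to go through the packaged configuration files as the answer suggests: the script below is an added example, not code from the thread or from the Apache project. It lists every SSLEngine line in a config tree with its scope and flags port-443 virtual hosts that carry no SSLEngine line of their own. The function names, the `*.conf` file match and the sample tree are assumptions made for illustration (the sample files are constructed), and Include resolution and nested sections are not followed.

```shell
#!/bin/sh
# Added example, not from the thread: show where SSLEngine is set in a config tree.

# audit_sslengine DIR  ->  one line per finding on stdout:
#   SET <file>:<line> scope=<server-config | vhost ADDR> value=<on|off|optional>
#   NOLOCAL <file>:<line> vhost=<ADDR>   port-443 vhost with no SSLEngine line of
#                                        its own; TLS there depends on outer config
audit_sslengine() {
    find "$1" -type f -name '*.conf' | sort | while IFS= read -r f; do
        awk -v file="${f#"$1"/}" '
            { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
            line == "" || line ~ /^#/ { next }          # blanks and comments
            low ~ /^<virtualhost[ \t]/ {                # entering a vhost block
                scope = line
                sub(/^<[^ \t]+[ \t]+/, "", scope); sub(/>[ \t]*$/, "", scope)
                in_vh = 1; vh_line = NR; has_engine = 0; next
            }
            low ~ /^<\/virtualhost>/ {                  # leaving it
                if (!has_engine && scope ~ /:443([ \t]|$)/)
                    printf "NOLOCAL %s:%d vhost=%s\n", file, vh_line, scope
                in_vh = 0; next
            }
            low ~ /^sslengine[ \t]/ {                   # directive names are case-insensitive
                split(low, w, /[ \t]+/)
                printf "SET %s:%d scope=%s value=%s\n", file, NR,
                       (in_vh ? "vhost " scope : "server-config"), w[2]
                if (in_vh) has_engine = 1
            }
        ' "$f"
    done
}

# make_sample_tree -> prints the path of a constructed (hypothetical) config tree
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/conf.d"
    cat > "$d/conf.d/ssl.conf" <<'EOF'
# constructed stand-in for a packaged ssl.conf
Listen 443
SSLEngine on
EOF
    cat > "$d/conf.d/vhosts.conf" <<'EOF'
# constructed: first vhost has no SSLEngine line, second sets it explicitly
<VirtualHost *:443>
    ServerName a.example.com
    SSLCertificateFile "/path/to/a.example.com.cert"
    SSLCertificateKeyFile "/path/to/a.example.com.key"
</VirtualHost>
<VirtualHost *:443>
    ServerName b.example.com
    SSLEngine on
    SSLCertificateFile "/path/to/b.example.com.cert"
    SSLCertificateKeyFile "/path/to/b.example.com.key"
</VirtualHost>
<VirtualHost *:80>
    ServerName a.example.com
</VirtualHost>
EOF
    printf '%s\n' "$d"
}

# With a directory argument, audit it; otherwise run on the constructed sample.
if [ -n "${1:-}" ]; then
    audit_sslengine "$1"
else
    t=$(make_sample_tree) && audit_sslengine "$t"; rm -rf "$t"
fi
```

On a live server, `apachectl -S` prints the parsed virtual host table, including which host is the default for each address and port, which complements this file-level view.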
