Remove commented-out SSLStaplingForceURL at global scope. Global or not, its use is specialized and those that need it won't need a sample, and others may be confused.

add OCSP Stapling configuration, disabled by default

httpd allocates separate AF_INET/AF_INET6 sockets automatically when v4-mapped addresses are disabled

Changed @exp_sysconfdir@ / @exp_logfiledir@ to relative paths.

mod_socache_shmcb and mod_socache_dbm: finish support of DefaultRuntimeDir a partial conversion was made in r1299718, affecting cases where no filename was specified

Add some improvements as suggested by Kaspar - expand comment in config file - check username == NULL - detect SRP support via SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB, not via openssl version - rename rv variable

Add support for TLS-SRP (Secure Remote Password key exchange for TLS, RFC 5054). PR: 51075 Submitted by: Quinn Slack <sqs cs stanford edu>, Christophe Renou, Peter Sylvester

Change the SSLCipherSuite default to a shorter, whitelist oriented definition, and add an example for a speed-optimized configuration (commented out by default). In the SSL How-To, streamline the SSLCipherSuite examples where applicable (explicitly banning EXP and NULL is not needed when only HIGH is specified).

Add SSLCARevocationCheck directive to default mod_ssl config

Disable AECDH ciphers in example config by using !aNULL (which includes all ciphers without authentication. PR: 51363 Submitted by: Rob Stradling <rob comodo com>

Make the MSIE BrowserMatch regexp fit for MSIE 10. Remove useless '.*'

Update SSL cipher suite and add example for SSLHonorCipherOrder.

Fix up some SSL configuration, per issue #49484. IE6 had a hotfix released for this problem quite a while back (see kb 921090), so restrict the modified behavior to the old/unsupported browsers. * docs/conf/extra/http-ssl.conf.in: (): tighten up the regex to only select old MSIE browsers for the downgrade in http behavior. this allows IE6 to run much faster.

Update comment about required modules in extra configuration files. Mostly adding the information to the vhost and ssl files, and adding mod_authz_core and mod_authz_host (for "Require all denied" and "Require all granted") where needed.

Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex, and WatchdogMutexPath with a single Mutex directive. Add APIs to simplify setup and user customization of APR proc and global mutexes. (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer respected; set DEFAULT_REL_RUNTIMEDIR instead. Some existing modules, such as mod_ldap and mod_auth_digest gain configurability for their mutexes.

enable support for ECC keys and ECDH ciphers. Tested against OpenSSL 1.0.0b3. [Vipul Gupta vipul.gupta sun.com, Sander Temme]

Typo sent/send

Minor grammatical issues

Enable to configure the https port - missing pieces.

Enabled to configure the https port as we do with http port too.

Based on Roy's commit 571285 application/x-x509-ca-cert der crt application/pkix-crl crl stop maintaining these in extras/httpd-ssl.conf.

Quote any file system path that may have spaces when expanded

centralize the versioning of the httpd and the docs directories

Typo

PHP 3.x + httpd-2.2 seems... unlikely.

Change "Files ~" to the preferred "FilesMatch"

* docs/conf/extra/httpd-ssl.conf.in: Don't reference directories which aren't created by "make install". Use BrowserMatch.

Merged the simple-conf branch changes r159781:160695 into the trunk.