<title>mod_ssl: Glossary</title>
Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
1. Redistributions of source code must retain the above
   copyright notice, this list of conditions and the following
2. Redistributions in binary form must reproduce the above
   copyright notice, this list of conditions and the following
   disclaimer in the documentation and/or other materials
   provided with the distribution.
3. All advertising materials mentioning features or use of this
   software must display the following acknowledgment:
   "This product includes software developed by
   Ralf S. Engelschall &lt;rse@engelschall.com&gt; for use in the
4. The name "mod_ssl" must not be used to endorse or promote
   products derived from this software without prior written
5. Redistributions of any form whatsoever must retain the
   following acknowledgment:
   "This product includes software developed by
   Ralf S. Engelschall &lt;rse@engelschall.com&gt; for use in the
THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
<table width="600" cellspacing="0" cellpadding="0" summary="">
<table width="600" summary="">
<td align="left" valign="bottom">
<font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
``I know you believe you understand what you think I said, but I am not sure you
realize that what you heard is not what I meant.''
<dt><div id="term">Authentication</div>
<dd>The positive identification of a network entity such as a server, a
    client, or a user. In SSL context the server and client
    <em>Certificate</em> verification process.
<dt><div id="term">Access Control</div>
<dd>The restriction of access to network realms. In Apache context
    usually the restriction of access to certain <em>URLs</em>.
<dt><div id="term">Algorithm</div>
<dd>An unambiguous formula or set of rules for solving a problem in a finite
    number of steps. Algorithms for encryption are usually called <em>Ciphers</em>.
<dt><div id="term">Certificate</div>
<dd>A data record used for authenticating network entities such
    as a server or a client. A certificate contains X.509 information pieces
    about its owner (called the subject) and the signing <em>Certificate
    Authority</em> (called the issuer), plus the owner's public key and the
    signature made by the CA. Network entities verify these signatures using
<dt><div id="term">Certification Authority (CA)</div>
<dd>A trusted third party whose purpose is to sign certificates for network
    entities it has authenticated using secure means. Other network entities
    can check the signature to verify that a CA has authenticated the bearer
<dt><div id="term">Certificate Signing Request (CSR)</div>
<dd>An unsigned certificate for submission to a <em>Certification Authority</em>,
    which signs it with the <em>Private Key</em> of their CA <em>Certificate</em>. Once
    the CSR is signed, it becomes a real certificate.
<dt><div id="term">Cipher</div>
<dd>An algorithm or system for data encryption. Examples are DES, IDEA, RC4, etc.
<dt><div id="term">Ciphertext</div>
<dd>The result after a <em>Plaintext</em> has passed through a <em>Cipher</em>.
<dt><div id="term">Configuration Directive</div>
<dd>A configuration command that controls one or more aspects of a program's
    behavior. In Apache context these are all the command names in the first
    column of the configuration files.
<dt><div id="term">CONNECT</div>
<dd>An HTTP command for proxying raw data channels over HTTP. It can be used to
    encapsulate other protocols, such as the SSL protocol.
<dt><div id="term">Digital Signature</div>
<dd>An encrypted text block that validates a certificate or other file. A
    <em>Certification Authority</em> creates a signature by generating a
    hash of the <em>Public Key</em> embedded in a <em>Certificate</em>, then
    encrypting the hash with its own <em>Private Key</em>. Only the CA's
    public key can decrypt the signature, verifying that the CA has
    authenticated the network entity that owns the <em>Certificate</em>.
<dt><div id="term">Export-Crippled</div>
<dd>Diminished in cryptographic strength (and security) in order to comply
    with the United States' Export Administration Regulations (EAR).
    Export-crippled cryptographic software is limited to a small key size,
    resulting in <em>Ciphertext</em> which usually can be decrypted by brute
<dt><div id="term">Fully-Qualified Domain-Name (FQDN)</div>
<dd>The unique name of a network entity, consisting of a hostname and a domain
    name that can resolve to an IP address. For example, <code>www</code> is a
<dt><div id="term">HyperText Transfer Protocol (HTTP)</div>
<dd>The HyperText Transport Protocol is the standard transmission protocol used
<dt><div id="term">HTTPS</div>
<dd>The HyperText Transport Protocol (Secure), the standard encrypted
    communication mechanism on the World Wide Web. This is actually just HTTP
<dt><div id="term">Message Digest</div>
<dd>A hash of a message, which can be used to verify that the contents of
    the message have not been altered in transit.
<dt><div id="term">OpenSSL</div>
<dt><div id="term">Pass Phrase</div>
<dd>The word or phrase that protects private key files.
    It prevents unauthorized users from encrypting them. Usually it's just
<dt><div id="term">Plaintext</div>
<dd>The unencrypted text.
<dt><div id="term">Private Key</div>
<dd>The secret key in a <em>Public Key Cryptography</em> system, used to
    decrypt incoming messages and sign outgoing ones.
<dt><div id="term">Public Key</div>
<dd>The publicly available key in a <em>Public Key Cryptography</em> system, used to
    encrypt messages bound for its owner and to decrypt signatures made by its
<dt><div id="term">Public Key Cryptography</div>
<dd>The study and application of asymmetric encryption systems, which use one
    key for encryption and another for decryption. A corresponding pair of
    such keys constitutes a key pair. Also called Asymmetric Cryptography.
<dt><div id="term">Secure Sockets Layer (SSL)</div>
<dd>A protocol created by Netscape Communications Corporation for
    general communication authentication and encryption over TCP/IP networks.
    The most popular usage is <em>HTTPS</em>, i.e. the HyperText Transfer
    Protocol (HTTP) over SSL.
<dt><div id="term">Session</div>
<dd>The context information of an SSL communication.
<dt><div id="term">SSLeay</div>
<dd>The original SSL/TLS implementation library developed by
    Eric A. Young &lt;eay@aus.rsa.com&gt;;
<dt><div id="term">Symmetric Cryptography</div>
<dd>The study and application of <em>Ciphers</em> that use a single secret key
    for both encryption and decryption operations.
<dt><div id="term">Transport Layer Security (TLS)</div>
<dd>The successor protocol to SSL, created by the Internet Engineering Task
    Force (IETF) for general communication authentication and encryption over
    TCP/IP networks. TLS version 1 is nearly identical to SSL version 3.
<dt><div id="term">Uniform Resource Locator (URL)</div>
<dd>The formal identifier to locate various resources on the World Wide Web.
    The most popular URL scheme is <code>http</code>. SSL uses the
    scheme <code>https</code>
<dt><div id="term">X.509</div>
<dd>An authentication certificate scheme recommended by the International
    Telecommunication Union (ITU-T) which is used for SSL/TLS authentication.
<td><table width="598" summary="">
<td align="left"><font face="Arial,Helvetica">
The Apache Interface to OpenSSL
<td align="right"><font face="Arial,Helvetica">
Copyright © 1998-2001