ssl_reference.html revision fc6bd310aa9cef845a144751a0956b43fae51f37
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt Redistribution and use in source and binary forms, with or without
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt modification, are permitted provided that the following conditions
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt 1. Redistributions of source code must retain the above
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt copyright notice, this list of conditions and the following
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User 2. Redistributions in binary form must reproduce the above
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt copyright notice, this list of conditions and the following
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt disclaimer in the documentation and/or other materials
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt provided with the distribution.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt 3. All advertising materials mentioning features or use of this
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt software must display the following acknowledgment:
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt "This product includes software developed by
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Ralf S. Engelschall <rse@engelschall.com> for use in the
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt mod_ssl project (http://www.modssl.org/)."
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt 4. The name "mod_ssl" must not be used to endorse or promote
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt products derived from this software without prior written
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt 5. Redistributions of any form whatsoever must retain the
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt following acknowledgment:
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt "This product includes software developed by
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt Ralf S. Engelschall <rse@engelschall.com> for use in the
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt mod_ssl project (http://www.modssl.org/)."
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
f9aef05653eeb454c489d5bd2bde6daab774ad4aTinderbox User PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
f70a10508f030b097a9b8afe907a06f9a1e2c4d4Tinderbox User HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt OF THE POSSIBILITY OF SUCH DAMAGE.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt text-decoration: none;
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt color: #6666cc;
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt text-decoration: none;
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt color: #6666cc;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt text-decoration: none;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt color: #6666cc;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-family: arial,helvetica;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-variant: normal;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-style: normal;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-weight: bold;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-size: 24pt;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt line-height: 24pt;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-family: arial,helvetica;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-variant: normal;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-style: normal;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-weight: bold;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-size: 18pt;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt line-height: 18pt;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-family: arial,helvetica;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-variant: normal;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-style: normal;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-weight: bold;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-size: 14pt;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt line-height: 14pt;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-family: arial,helvetica;
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt font-variant: normal;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-style: normal;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-weight: bold;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-size: 12pt;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt line-height: 12pt;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt font-family: arial,helvetica;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt font-variant: normal;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt font-style: normal;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt background-color: #f0f0f0;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-weight: bold;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-size: 16pt;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt line-height: 16pt;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-family: arial,helvetica;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-variant: normal;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-style: normal;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-weight: bold;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-size: 16pt;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt line-height: 16pt;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-family: arial,helvetica;
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt font-variant: normal;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt font-style: normal;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt font-weight: bold;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt font-size: 16pt;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt line-height: 16pt;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt font-family: arial,helvetica;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt font-variant: normal;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt font-style: normal;
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt<script type="text/javascript" language="JavaScript">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<!-- Hiding the code
831f59eb43b56642b00f82e07722836d2f9593abEvan Huntfunction ro_imgNormal(imgName) {
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt document[imgName].src = eval(imgName + '_n.src');
831f59eb43b56642b00f82e07722836d2f9593abEvan Huntfunction ro_imgOver(imgName, descript) {
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt document[imgName].src = eval(imgName + '_o.src');
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt// done hiding -->
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<script type="text/javascript" language="JavaScript">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<!-- Hiding the code
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_prev_top_n = new Image();
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_prev_top_o = new Image();
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt// done hiding -->
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<script type="text/javascript" language="JavaScript">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<!-- Hiding the code
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_prev_bot_n = new Image();
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_prev_bot_o = new Image();
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt// done hiding -->
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<script type="text/javascript" language="JavaScript">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<!-- Hiding the code
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_next_top_n = new Image();
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_next_top_o = new Image();
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt// done hiding -->
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<script type="text/javascript" language="JavaScript">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<!-- Hiding the code
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_next_bot_n = new Image();
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_next_bot_o = new Image();
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
821350367e2c7313c02eb275e8e05d5193b47cfdJeremy C. Reed// done hiding -->
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt <table width="600" cellspacing="0" cellpadding="0" summary="">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-3.gif" alt="3" width="74" height="89">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt <img src="ssl_template.title-ref.gif" alt="Reference" width="456" height="60">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<table cellspacing="0" cellpadding="0" width="150" summary="">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt``Try to understand everything,
831f59eb43b56642b00f82e07722836d2f9593abEvan Huntbut believe nothing!''
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<table cellspacing="0" cellpadding="0" border="0" summary="">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<img src="ssl_reference.gfont000.gif" alt="T" width="34" height="34" border="0" align="left">
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunthis chapter provides a reference to all configuration directives and
831f59eb43b56642b00f82e07722836d2f9593abEvan Huntadditional user visible features mod_ssl provides. It's intended as the
831f59eb43b56642b00f82e07722836d2f9593abEvan Huntofficial resource when you want to know how a particilar mod_ssl functionality
831f59eb43b56642b00f82e07722836d2f9593abEvan Huntis actually configured or activated. Each directive is documented similar to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Huntthe way standard Apache directives are documented in the official Apache
831f59eb43b56642b00f82e07722836d2f9593abEvan Huntdocumentation set, i.e. for each directive especially the syntax, default and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Huntcontext where applicable is given.
<a href="#ToC2"><strong>SSLPassPhraseDialog</strong></a><br>
<a href="#ToC4"><strong>SSLRandomSeed</strong></a><br>
<a href="#ToC5"><strong>SSLSessionCache</strong></a><br>
<a href="#ToC6"><strong>SSLSessionCacheTimeout</strong></a><br>
<a href="#ToC8"><strong>SSLProtocol</strong></a><br>
<a href="#ToC9"><strong>SSLCipherSuite</strong></a><br>
<a href="#ToC10"><strong>SSLCertificateFile</strong></a><br>
<a href="#ToC11"><strong>SSLCertificateKeyFile</strong></a><br>
<a href="#ToC12"><strong>SSLCertificateChainFile</strong></a><br>
<a href="#ToC13"><strong>SSLCACertificatePath</strong></a><br>
<a href="#ToC14"><strong>SSLCACertificateFile</strong></a><br>
<a href="#ToC15"><strong>SSLCARevocationPath</strong></a><br>
<a href="#ToC16"><strong>SSLCARevocationFile</strong></a><br>
<a href="#ToC17"><strong>SSLVerifyClient</strong></a><br>
<a href="#ToC18"><strong>SSLVerifyDepth</strong></a><br>
<a href="#ToC20"><strong>SSLLogLevel</strong></a><br>
<a href="#ToC21"><strong>SSLOptions</strong></a><br>
<a href="#ToC22"><strong>SSLRequireSSL</strong></a><br>
<a href="#ToC23"><strong>SSLRequire</strong></a><br>
<a href="#ToC25"><strong>Environment Variables</strong></a><br>
<a href="#ToC26"><strong>Custom Log Formats</strong></a><br>
each other, i.e. directives from the per-directory class can also be used in
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Type of pass phrase dialog for encrypted private keys</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLPassPhraseDialog</code> <em>type</em></td></tr>
href="/directive-dict.html#Default"
><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLPassPhraseDialog builtin</code></td></tr>
href="/directive-dict.html#Context"
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
dialog (i.e. when you use a single Pass Phrase for all N Private Key files
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Semaphore for internal mutual exclusion of operations</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLMutex</code> <em>type</em></td></tr>
href="/directive-dict.html#Default"
><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLMutex none</code></td></tr>
href="/directive-dict.html#Context"
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Pseudo Random Number Generator (PRNG) seeding source</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLRandomSeed</code> <em>context</em> <em>source</em> [<em>bytes</em>]</td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
much entropy data as it actually has, i.e. when you request 512 bytes of
actually generated, i.e. by which system interrupts. More details one can
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Type of the global/inter-process SSL Session Cache</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLSessionCache</code> <em>type</em></td></tr>
href="/directive-dict.html#Default"
><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLSessionCache none</code></td></tr>
href="/directive-dict.html#Context"
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLSessionCacheTimeout</b></td></tr>
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Number of seconds before an SSL session expires in the Session Cache</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLSessionCacheTimeout</code> <em>seconds</em></td></tr>
href="/directive-dict.html#Default"
><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLSessionCacheTimeout 300</code></td></tr>
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> SSL Engine Operation Switch</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLEngine</code> <em>on|off</em></td></tr>
href="/directive-dict.html#Default"
><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLEngine off</code></td></tr>
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Configure usable SSL protocol flavors</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLProtocol</code> [+-]<em>protocol</em> ...</td></tr>
href="/directive-dict.html#Default"
><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLProtocol all</code></td></tr>
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Cipher Suite available for negotiation in SSL handshake</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCipherSuite</code> <em>cipher-spec</em></td></tr>
href="/directive-dict.html#Default"
><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</code></td></tr>
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
href="/directive-dict.html#Override"
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<tr id="H"><td><code>kEDH</code></td> <td>Ephemeral (temp.key) Diffie-Hellman key exchange (no cert)</td> </tr>
<tr id="H"><td><code>EDH</code></td> <td>all ciphers using Ephemeral Diffie-Hellman key exchange</td> </tr>
<tr id="D"><td><code>ADH</code></td> <td>all ciphers using Anonymous Diffie-Hellman key exchange</td> </tr>
authenticate, i.e. for SSL only the Anonymous Diffie-Hellman ciphers. Next,
<tr id="D"><td><b>Cipher-Tag</b></td> <td><b>Protocol</b></td> <td><b>Key Ex.</b></td> <td><b>Auth.</b></td> <td><b>Enc.</b></td> <td><b>MAC</b></td> <td><b>Type</b></td> </tr>
<tr id="D"><td><code>DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
<tr id="H"><td><code>DES-CBC3-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>3DES(168)</td> <td>MD5</td> <td> </td> </tr>
<tr id="D"><td><code>IDEA-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>IDEA(128)</td> <td>SHA1</td> <td> </td> </tr>
<tr id="H"><td><code>RC4-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>SHA1</td> <td> </td> </tr>
<tr id="D"><td><code>RC4-MD5</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>MD5</td> <td> </td> </tr>
<tr id="H"><td><code>IDEA-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>IDEA(128)</td> <td>MD5</td> <td> </td> </tr>
<tr id="D"><td><code>RC2-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC2(128)</td> <td>MD5</td> <td> </td> </tr>
<tr id="H"><td><code>RC4-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>MD5</td> <td> </td> </tr>
<tr id="D"><td><code>DES-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
<tr id="H"><td><code>RC4-64-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC4(64)</td> <td>MD5</td> <td> </td> </tr>
<tr id="D"><td><code>DES-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>DES(56)</td> <td>MD5</td> <td> </td> </tr>
<tr id="H"><td><code>EXP-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
<tr id="D"><td><code>EXP-RC2-CBC-MD5</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>RC2(40)</td> <td>MD5</td> <td> export</td> </tr>
<tr id="H"><td><code>EXP-RC4-MD5</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
<tr id="D"><td><code>EXP-RC2-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA(512)</td> <td>RSA</td> <td>RC2(40)</td> <td>MD5</td> <td> export</td> </tr>
<tr id="H"><td><code>EXP-RC4-MD5</code></td> <td>SSLv2</td> <td>RSA(512)</td> <td>RSA</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
<tr id="D"><td><code>NULL-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>None</td> <td>SHA1</td> <td> </td> </tr>
<tr id="H"><td><code>NULL-MD5</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>None</td> <td>MD5</td> <td> </td> </tr>
<tr id="H"><td><code>ADH-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
<tr id="D"><td><code>ADH-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
<tr id="H"><td><code>ADH-RC4-MD5</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>RC4(128)</td> <td>MD5</td> <td> </td> </tr>
<tr id="D"><td><code>EDH-RSA-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>RSA</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
<tr id="H"><td><code>EDH-DSS-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>DSS</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
<tr id="D"><td><code>EDH-RSA-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>RSA</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
<tr id="H"><td><code>EDH-DSS-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>DSS</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
<tr id="D"><td><code>EXP-EDH-RSA-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>RSA</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
<tr id="H"><td><code>EXP-EDH-DSS-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>DSS</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
<tr id="D"><td><code>EXP-ADH-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
<tr id="H"><td><code>EXP-ADH-RC4-MD5</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Server PEM-encoded X.509 Certificate file</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCertificateFile</code> <em>filename</em></td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCertificateKeyFile</b></td></tr>
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Server PEM-encoded Private Key file</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCertificateKeyFile</code> <em>filename</em></td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCertificateChainFile</b></td></tr>
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> File of PEM-encoded Server CA Certificates</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCertificateChainFile</code> <em>filename</em></td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCACertificatePath</b></td></tr>
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Directory of PEM-encoded CA Certificates for Client Auth.</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCACertificatePath</code> <em>directory</em></td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCACertificateFile</b></td></tr>
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> File of concatenated PEM-encoded CA Certificates for Client Auth.</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCACertificateFile</code> <em>filename</em></td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Directory of PEM-encoded CA CRLs for Client Auth.</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCARevocationPath</code> <em>directory</em></td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> File of concatenated PEM-encoded CA CRLs for Client Auth.</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCARevocationFile</code> <em>filename</em></td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Type of Client Certificate verification</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLVerifyClient</code> <em>level</em></td></tr>
href="/directive-dict.html#Default"
><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLVerifyClient none</code></td></tr>
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
href="/directive-dict.html#Override"
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Maximum depth of CA Certificates in Client Certificate verification</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLVerifyDepth</code> <em>number</em></td></tr>
href="/directive-dict.html#Default"
><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLVerifyDepth 1</code></td></tr>
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
href="/directive-dict.html#Override"
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
i.e. the number of CA certificates which are max allowed to be followed while
known to the server (i.e. the CA's certificate is under
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Where to write the dedicated SSL engine logfile</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLLog</code> <em>filename</em></td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
be used for symlink attacks on a real server (i.e. somewhere where only root
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Logging level for the dedicated SSL engine logfile</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLLogLevel</code> <em>level</em></td></tr>
href="/directive-dict.html#Default"
><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLLogLevel none</code></td></tr>
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
href="/directive-dict.html#Override"
><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
log messages of error type only, i.e. messages which show fatal situations
log also warning messages, i.e. messages which show non-fatal problems
log also informational messages, i.e. messages which show major
log also trace messages, i.e. messages which show minor processing steps.
log also debugging messages, i.e. messages which show development and
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Configure various SSL engine run-time options</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLOptions</code> [+-]<em>option</em> ...</td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
href="/directive-dict.html#Override"
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Deny access when SSL is not used for the HTTP request</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLRequireSSL</code></td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
href="/directive-dict.html#Override"
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for
<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Allow access only when an arbitrarily complex boolean expression is true</td></tr>
href="/directive-dict.html#Syntax"
><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLRequire</code> <em>expression</em></td></tr>
href="/directive-dict.html#Default"
href="/directive-dict.html#Context"
href="/directive-dict.html#Override"
href="/directive-dict.html#Status"
href="/directive-dict.html#Module"
href="/directive-dict.html#Compatibility"
<tr id="H"><td><code>SSL_PROTOCOL</code></td> <td>string</td> <td>The SSL protocol version (SSLv2, SSLv3, TLSv1)</td></tr>
<tr id="H"><td><code>SSL_SESSION_ID</code></td> <td>string</td> <td>The hex-encoded SSL session id</td></tr>
<tr id="D"><td><code>SSL_CIPHER</code></td> <td>string</td> <td>The cipher specification name</td></tr>
<tr id="D"><td><code>SSL_CIPHER_EXPORT</code></td> <td>string</td> <td><code>true</code> if cipher is an export cipher</td></tr>
<tr id="H"><td><code>SSL_CIPHER_USEKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (actually used)</td></tr>
<tr id="D"><td><code>SSL_CIPHER_ALGKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (possible)</td></tr>
<tr id="H"><td><code>SSL_VERSION_INTERFACE</code></td> <td>string</td> <td>The mod_ssl program version</td></tr>
<tr id="D"><td><code>SSL_VERSION_LIBRARY</code></td> <td>string</td> <td>The OpenSSL program version</td></tr>
<tr id="H"><td><code>SSL_CLIENT_M_VERSION</code></td> <td>string</td> <td>The version of the client certificate</td></tr>
<tr id="D"><td><code>SSL_CLIENT_M_SERIAL</code></td> <td>string</td> <td>The serial of the client certificate</td></tr>
<tr id="H"><td><code>SSL_CLIENT_S_DN</code></td> <td>string</td> <td>Subject DN in client's certificate</td></tr>
<tr id="D"><td><code>SSL_CLIENT_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Subject DN</td></tr>
<tr id="H"><td><code>SSL_CLIENT_I_DN</code></td> <td>string</td> <td>Issuer DN of client's certificate</td></tr>
<tr id="D"><td><code>SSL_CLIENT_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Issuer DN</td></tr>
<tr id="H"><td><code>SSL_CLIENT_V_START</code></td> <td>string</td> <td>Validity of client's certificate (start time)</td></tr>
<tr id="D"><td><code>SSL_CLIENT_V_END</code></td> <td>string</td> <td>Validity of client's certificate (end time)</td></tr>
<tr id="H"><td><code>SSL_CLIENT_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of client's certificate</td></tr>
<tr id="D"><td><code>SSL_CLIENT_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of client's certificate</td></tr>
<tr id="H"><td><code>SSL_CLIENT_CERT</code></td> <td>string</td> <td>PEM-encoded client certificate</td></tr>
<tr id="D"><td><code>SSL_CLIENT_CERT_CHAIN</code><i>n</i></td> <td>string</td> <td>PEM-encoded certificates in client certificate chain</td></tr>
<tr id="H"><td><code>SSL_CLIENT_VERIFY</code></td> <td>string</td> <td><tt>NONE</tt>, <tt>SUCCESS</tt>, <tt>GENEROUS</tt> or <tt>FAILED:</tt><i>reason</i></td></tr>
<tr id="D"><td><code>SSL_SERVER_M_VERSION</code></td> <td>string</td> <td>The version of the server certificate</td></tr>
<tr id="H"><td><code>SSL_SERVER_M_SERIAL</code></td> <td>string</td> <td>The serial of the server certificate</td></tr>
<tr id="D"><td><code>SSL_SERVER_S_DN</code></td> <td>string</td> <td>Subject DN in server's certificate</td></tr>
<tr id="H"><td><code>SSL_SERVER_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Subject DN</td></tr>
<tr id="D"><td><code>SSL_SERVER_I_DN</code></td> <td>string</td> <td>Issuer DN of server's certificate</td></tr>
<tr id="H"><td><code>SSL_SERVER_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Issuer DN</td></tr>
<tr id="D"><td><code>SSL_SERVER_V_START</code></td> <td>string</td> <td>Validity of server's certificate (start time)</td></tr>
<tr id="H"><td><code>SSL_SERVER_V_END</code></td> <td>string</td> <td>Validity of server's certificate (end time)</td></tr>
<tr id="D"><td><code>SSL_SERVER_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of server's certificate</td></tr>
<tr id="H"><td><code>SSL_SERVER_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of server's certificate</td></tr>
<tr id="D"><td><code>SSL_SERVER_CERT</code></td> <td>string</td> <td>PEM-encoded server certificate</td></tr>
<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font>
<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
<td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>