Add info on ciphers

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1153423 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 01004bf..3d88920 100644 (file)
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -217,6 +217,10 @@
       <update>
         Improve class loading documentation. (kkolinko)
       </update>
+      <add>
+        Add information to the security page of the the documentation web
+        application for the ciphers attribute of the Connector element. (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Other">

diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index bd27e2f..6826823 100644 (file)
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -187,6 +187,12 @@
       proxy uses AJP then the SSL attributes of the client connection are
       passed via the AJP protocol and separate connectors are not needed.</p>
       
+      <p>The <strong>ciphers</strong> attribute controls the ciphers used for
+      SSL connections. By default, the default ciphers for the JVM will be used.
+      This usually means that the weak export grade ciphers will be included in
+      the list of available ciphers. Secure environments will normally want to
+      configure a more limited set of ciphers.</p>
+      
       <p>The <strong>tomcatAuthentication</strong> attribute is used with the
       AJP connectors to determine if Tomcat should authenticate the user or if
       authentication can be delegated to the reverse proxy that will then pass