From 02b7cb57c440680af42650e13cc5a1302231c16b Mon Sep 17 00:00:00 2001
From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Wed, 3 Aug 2011 10:36:33 +0000
Subject: [PATCH] Add info on ciphers

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1153423 13f79535-47bb-0310-9956-ffa450edef68
---
 webapps/docs/changelog.xml      | 4 ++++
 webapps/docs/security-howto.xml | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 01004bf11..3d88920b5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -217,6 +217,10 @@
       <update>
         Improve class loading documentation. (kkolinko)
       </update>
+      <add>
+        Add information to the security page of the the documentation web
+        application for the ciphers attribute of the Connector element. (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Other">
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index bd27e2f10..6826823b2 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -187,6 +187,12 @@
       proxy uses AJP then the SSL attributes of the client connection are
       passed via the AJP protocol and separate connectors are not needed.</p>
       
+      <p>The <strong>ciphers</strong> attribute controls the ciphers used for
+      SSL connections. By default, the default ciphers for the JVM will be used.
+      This usually means that the weak export grade ciphers will be included in
+      the list of available ciphers. Secure environments will normally want to
+      configure a more limited set of ciphers.</p>
+      
       <p>The <strong>tomcatAuthentication</strong> attribute is used with the
       AJP connectors to determine if Tomcat should authenticate the user or if
       authentication can be delegated to the reverse proxy that will then pass
-- 
2.11.0