apache2-mod_nss/mod_nss-cipherlist_update_for_tls12-doc.diff

diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
--- ../mod_nss-1.0.8-o/docs/mod_nss.html	2014-02-18 16:30:19.000000000 +0100
+++ ./docs/mod_nss.html	2014-02-18 16:48:18.000000000 +0100
@@ -632,100 +632,135 @@
       </td>
       <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td style="vertical-align: top;">fortezza_null<br>
       </td>
       <td style="vertical-align: top;">SSL_FORTEZZA_DMS_WITH_NULL_SHA<br>
       </td>
       <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td style="vertical-align: top;">fips_des_sha<br>
       </td>
       <td style="vertical-align: top;">SSL_RSA_FIPS_WITH_DES_CBC_SHA<br>
       </td>
       <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td style="vertical-align: top;">fips_3des_sha<br>
       </td>
       <td style="vertical-align: top;">SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA<br>
       </td>
       <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td style="vertical-align: top;">rsa_des_56_sha</td>
       <td style="vertical-align: top;">TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA<br>
       </td>
       <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td style="vertical-align: top;">rsa_rc4_56_sha</td>
       <td style="vertical-align: top;">TLS_RSA_EXPORT1024_WITH_RC4_56_SHA<br>
       </td>
       <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td style="vertical-align: top;">rsa_aes_128_sha<br>
       </td>
       <td style="vertical-align: top;">TLS_RSA_WITH_AES_128_CBC_SHA<br>
       </td>
       <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td style="vertical-align: top;">rsa_aes_256_sha<br>
       </td>
       <td style="vertical-align: top;">TLS_RSA_WITH_AES_256_CBC_SHA<br>
       </td>
       <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
+    <tr>
+      <td style="vertical-align: top;">rsa_aes_128_sha256<br>
+      </td>
+      <td style="vertical-align: top;">TLS_RSA_WITH_AES_128_CBC_SHA256<br>
+      </td>
+      <td style="vertical-align: top;">TLSv1.2</td>
+    </tr>
+    <tr>
+      <td style="vertical-align: top;">rsa_aes_128_gcm_sha<br>
+      </td>
+      <td style="vertical-align: top;">TLS_RSA_WITH_AES_128_GCM_SHA256<br>
+      </td>
+      <td style="vertical-align: top;">TLSv1.2</td>
+    </tr>
+    <tr>
+      <td style="vertical-align: top;">rsa_camellia_128_sha<br>
+      </td>
+      <td style="vertical-align: top;">TLS_RSA_WITH_CAMELLIA_128_CBC_SHA<br>
+      </td>
+      <td style="vertical-align: top;">TLSv1.0/TLSv1.1/TLSv1.2</td>
+    </tr>
+    <tr>
+      <td style="vertical-align: top;">rsa_camellia_256_sha<br>
+      </td>
+      <td style="vertical-align: top;">TLS_RSA_WITH_CAMELLIA_256_CBC_SHA<br>
+      </td>
+      <td style="vertical-align: top;">TLSv1.0/TLSv1.1/TLSv1.2</td>
+    </tr>
+    <tr>
+      <td style="vertical-align: top;">rsa_aes_256_sha256<br>
+      </td>
+      <td style="vertical-align: top;">TLS_RSA_WITH_AES_256_CBC_SHA256<br>
+      </td>
+      <td style="vertical-align: top;">TLSv1.2</td>
+    </tr>
   </tbody>
 </table>
 <br>
 Additionally there are a number of ECC ciphers:<br>
 <br>
 <table style="width: 70%;" border="1" cellpadding="2" cellspacing="2">
   <tbody>
     <tr>
       <td style="vertical-align: top; font-weight: bold;">Cipher Name<br>
       </td>
       <td style="vertical-align: top; font-weight: bold;">NSS Cipher
 Definition<br>
       </td>
       <td style="vertical-align: top; font-weight: bold;">Protocol<br>
       </td>
     </tr>
     <tr>
       <td>ecdh_ecdsa_null_sha</td>
       <td>TLS_ECDH_ECDSA_WITH_NULL_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdh_ecdsa_rc4_128_sha</td>
       <td>TLS_ECDH_ECDSA_WITH_RC4_128_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdh_ecdsa_3des_sha</td>
       <td>TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdh_ecdsa_aes_128_sha</td>
       <td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdh_ecdsa_aes_256_sha</td>
       <td>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdhe_ecdsa_null_sha</td>
       <td>TLS_ECDHE_ECDSA_WITH_NULL_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdhe_ecdsa_rc4_128_sha</td>
       <td>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
@@ -773,100 +794,130 @@
     <tr>
       <td>echde_rsa_null</td>
       <td>TLS_ECDHE_RSA_WITH_NULL_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdhe_rsa_rc4_128_sha</td>
       <td>TLS_ECDHE_RSA_WITH_RC4_128_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdhe_rsa_3des_sha</td>
       <td>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdhe_rsa_aes_128_sha</td>
       <td>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdhe_rsa_aes_256_sha</td>
       <td>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdh_anon_null_sha</td>
       <td>TLS_ECDH_anon_WITH_NULL_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdh_anon_rc4_128sha</td>
       <td>TLS_ECDH_anon_WITH_RC4_128_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdh_anon_3des_sha</td>
       <td>TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdh_anon_aes_128_sha</td>
       <td>TLS_ECDH_anon_WITH_AES_128_CBC_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
     <tr>
       <td>ecdh_anon_aes_256_sha</td>
       <td>TLS_ECDH_anon_WITH_AES_256_CBC_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
+    <tr>
+      <td>ecdh_ecdsa_aes_128_sha256</td>
+      <td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256</td>
+      <td>TLSv1.2</td>
+    </tr>
+    <tr>
+      <td>ecdh_rsa_aes_128_sha256</td>
+      <td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256</td>
+      <td>TLSv1.2</td>
+    </tr>
+    <tr>
+      <td>ecdh_ecdsa_aes_128_gcm_sha</td>
+      <td>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</td>
+      <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
+    </tr>
+    <tr>
+      <td>ecdhe_ecdsa_aes_128_gcm_sha</td>
+      <td>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</td>
+      <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
+    </tr>
+    <tr>
+      <td>ecdh_rsa_aes_128_gcm_sha</td>
+      <td>TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256</td>
+      <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
+    </tr>
+    <tr>
+      <td>ecdhe_rsa_aes_128_gcm_sha</td>
+      <td>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</td>
+      <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
+    </tr>
   </tbody>
 </table>
 <br>
 <span style="font-weight: bold;">Example</span><br>
 <br>
 <code>NSSCipherSuite
 +rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,<br>
 -rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,<br>
 +fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha</code><br>
 <br>
 <big><big>NSSProtocol<br>
 </big></big><br>
 A comma-separated string that lists the basic protocols that the server
 can use (and clients may connect with). It doesn't enable a cipher
 specifically but allows ciphers for that protocol to be used at all.<br>
 <br>
 Options are:<br>
 <ul>
   <li><code>SSLv3</code></li>
   <li><code>TLSv1 (legacy only; replaced by TLSv1.0)</code></li>
   <li><code>TLSv1.0</code></li>
   <li><code>TLSv1.1</code></li>
   <li><code>TLSv1.2</code></li>
   <li><code>All</code></li>
 </ul>
 Note that this differs from mod_ssl in that you can't add or subtract
 protocols.<br>
 <br>
 If no NSSProtocol is specified, mod_nss will default to allowing the use of
 the SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2 protocols, where SSLv3 will be set to be the
 minimum protocol allowed, and TLSv1.2 will be set to be the maximum protocol
 allowed.
 <br>
 If values for NSSProtocol are specified, mod_nss will set both the minimum
 and the maximum allowed protocols based upon these entries allowing for the
 inclusion of every protocol in-between. For example, if only SSLv3 and TLSv1.2
 are specified, SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2 will all be allowed, as NSS utilizes
 protocol ranges to accept all protocols inclusively
 (TLS 1.2 -&gt;TLS 1.1 -&gt; TLS 1.0 -&gt; SSL 3.0), and does not allow exclusion of any protocols
 in the middle of a range (e. g. - TLS 1.0).<br>
 <br>
 Finally, NSS will always automatically negotiate the use of the strongest
 possible protocol that has been specified which is acceptable to both sides of
 a given connection.<br>
 <a href="#SSLv2">SSLv2</a> is not supported by default at this time.<br>
 <br>
 <span style="font-weight: bold;">Example</span><br>
 <br>
 <code>NSSProtocol SSLv3,TLSv1.0,TLSv1.1,TLSv1.2</code><br>
 <br>