25.5.2. Configuration Directives for SSL
/etc/httpd/conf.d/ssl.conffile can be configured to enable secure Web communications using TLS. See Resolution for POODLE SSLv3.0 vulnerability (CVE-2014-3566) in httpd for important information on disabling SSL while enabling TLS.
SSLand using only
TLSv1.2. Backwards compatibility can be achieved using
TLSv1.0. Many products Red Hat supports have the ability to use
SSLv3protocols, or enable them by default. However, the use of
SSLv3is now strongly recommended against.
SetEnvIf sets environment variables based on the headers of incoming connections. It is not solely an SSL directive, though it is present in the supplied
/etc/httpd/conf.d/ssl.conf file. It's purpose in this context is to disable HTTP keepalive and to allow SSL to close the connection without a closing notification from the client browser. This setting is necessary for certain browsers that do not reliably shut down the SSL connection.