|
@@ -6,7 +6,7 @@
|
|
|
This example file starts with a common setup that voluntarily exhibits
|
|
|
all available configurations knobs with simple comments. Extended
|
|
|
comments on the behavior of the option is provided at the end for
|
|
|
- better readibility. As a matter of fact, a common configuration file
|
|
|
+ better readability. As a matter of fact, a common configuration file
|
|
|
will certainly contain far less elements and benefit of default values
|
|
|
for many parameters.
|
|
|
|
|
@@ -38,12 +38,12 @@
|
|
|
matches their respective DNS names.
|
|
|
- We have CRL available for both dom1.tld and dom2.tld PKI, and intend
|
|
|
to use them.
|
|
|
- - It somtimes happens that we had other more generic https available
|
|
|
+ - It sometimes happens that we had other more generic https available
|
|
|
repository to our list. We want the checks to be performed against
|
|
|
a common list of anchors (like the one provided by ca-certificates
|
|
|
package for instance)
|
|
|
|
|
|
- The sample configuration below basically covers those simpe needs.
|
|
|
+ The sample configuration below basically covers those simple needs.
|
|
|
*/
|
|
|
|
|
|
|
|
@@ -168,12 +168,12 @@ Acquire::https::secure.dom2.tld::SslKey "/etc/apt/certs/my-key.pem";
|
|
|
When the option is set to "SSLv3" to have apt propose SSLv3 (and
|
|
|
associated sets of ciphersuites) instead of TLSv1 (the default)
|
|
|
when performing the exchange. This prevents the server to select
|
|
|
- TLSv1 and use associated cipheruites. You should probably not use
|
|
|
+ TLSv1 and use associated ciphersuites. You should probably not use
|
|
|
this option except if you know exactly what you are doing.
|
|
|
|
|
|
Note that the default setting does not guarantee that the server
|
|
|
will not select SSLv3 (for ciphersuites and SSL/TLS version as
|
|
|
- selectio is always done by the server, in the end). It only means
|
|
|
+ selection is always done by the server, in the end). It only means
|
|
|
that apt will not advertise TLS support.
|
|
|
|
|
|
Debug::Acquire::https "true";
|