Re: explicitly including other ciphers for use with https

On Tue, Dec 8, 2015 at 10:45 AM, Ron Croonenberg <ronc@xxxxxxxx> wrote:
I forgot, is there a "standard way" to create an rpm so I can install the binaries somewhere?

Well, all the major Linux distributions have their own forks, their own 'one right
way' to package rpm/deb/etc, but have a look in the build/ directory of your
source tarball.
 
On 12/08/2015 09:41 AM, Ron Croonenberg wrote:
so in the source tree:

modules/ssl


in: ssl_engine_config.c
I see two lines:
arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL);

and tossed eNULL out

in: ssl_engine_init.c
I see a line:
apr_pstrcat(ptemp, "!aNULL:!eNULL:!EXP:", SSL_DEFAULT_CIPHER_LIST,

these 3 locations are the only places where NULL ciphers are excluded,
right?

Offhand, yes. 

 
P.S:  why not make it an option that can be configured and where the
default 'setting' is "no NULL ciphers" ?

Because a very tiny fraction of the users who toggle such an option 
will know what they are doing.
 
You clearly do; however, you may or may not find the performance gains
you are hoping for. There are more efficient auth mechanisms, such as
digest authentication, that will not pass passwords in the clear, and there
are others, such as gssapi, that perform the authentication function alone
using typical Linux semantics.

Have you looked at https://github.com/modauthgssapi/mod_auth_gssapi
as an alternative for this particular use case?
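
The effect of the "!aNULL:!eNULL:!EXP:" prefix quoted in this thread, as an added example that is not part of the original messages or of httpd's code: in OpenSSL cipher-string syntax a "!" entry deletes ciphers permanently, so a later entry in the configured argument cannot bring them back. The helper names and the sample argument are assumptions made for illustration; Python's ssl module is used only because it passes the string to the same OpenSSL parser.

```python
import ssl

# Prefix copied from the apr_pstrcat() lines quoted in the thread.
GUARD = "!aNULL:!eNULL:!EXP:"

def effective_ciphers(arg, guard=True):
    """Return the cipher entries OpenSSL selects for `arg` (hypothetical helper).

    With guard=True the string is built the way the quoted line builds it:
    prefix first, administrator-supplied argument second.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers((GUARD if guard else "") + arg)
    return ctx.get_ciphers()

def weak(ciphers):
    """Names of entries with no encryption, no authentication, or export grade."""
    flagged = []
    for c in ciphers:
        desc = c.get("description", "")
        if "Enc=None" in desc or "Au=None" in desc or c["name"].startswith("EXP"):
            flagged.append(c["name"])
    return flagged

if __name__ == "__main__":
    # Constructed sample argument that tries to add NULL and anonymous suites back.
    sample = "HIGH:eNULL:aNULL"
    guarded = effective_ciphers(sample)
    unguarded = effective_ciphers(sample, guard=False)
    print("guarded:  ", len(guarded), "suites, weak:", weak(guarded))
    print("unguarded:", len(unguarded), "suites, weak:", weak(unguarded))
```

The same two helpers can be used to audit any cipher string before it goes into a server configuration: a non-empty result from weak() means the string admits unencrypted or unauthenticated suites.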

