RE: explicitly including other ciphers for use with https

["IdealGourmet" <info@xxxxxxxxxxxxxxx>]

This is an error email !! don’t send more email here !!!!!!!!!!

 

De: William A Rowe Jr [mailto:wrowe@xxxxxxxxxxxxx]
Enviado el: mardi 8 décembre 2015 18:36
Para: users@xxxxxxxxxxxxxxxx
Asunto: Re: explicitly including other ciphers for use with https

 

On Tue, Dec 8, 2015 at 10:45 AM, Ron Croonenberg <ronc@xxxxxxxx> wrote:

I forgot,  is there a "standard way" to create an rpm so I can install the binaries somewhere?

 

Well, all the major linux distributions have their own forks, their own 'one right

way' to package rpm/deb/etc, but have a look in the build/ directory of your

source tarball.

 

On 12/08/2015 09:41 AM, Ron Croonenberg wrote:

so in the source tree:

modules/ssl


in: ssl_engine_config.c
I see two lines:
arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL);

and tossed eNULL out

in: ssl_engine_init.c
I see a line:
apr_pstrcat(ptemp, "!aNULL:!eNULL:!EXP:", SSL_DEFAULT_CIPHER_LIST,

these 3 locations are the only places where NULL ciphers are excluded,
right?

 

Offhand, yes. 

 

 

P.S:  why not make it an option that can be configured and where the
default 'setting' is "no NULL ciphers" ?

 

Because a very tiny fraction of the users who toggle such an option 

will know what they are doing.

 

You clearly do, however you may or may not find the performance gains

you are hoping for, there are more efficient auth mechanisms such as

digest authentication that will not pass passwords in the clear, and there

are others such as gssapi that perform the authentication function alone

using typical linux semantics.

 

Have you looked at https://github.com/modauthgssapi/mod_auth_gssapi

as an alternative for this particular use case?

 

No se encontraron virus en este mensaje.
Comprobado por AVG - www.avg.com
Versión: 2016.0.7227 / Base de datos de virus: 4477/11138 - Fecha de publicación: 12/08/15