explicitly including other ciphers.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/12/2015 03:03, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>> Of Ron Croonenberg
>> Sent: Thursday, December 03, 2015 18:35
>> To: openssl-users at openssl.org
>> Subject: Re: [openssl-users] explicitly including other ciphers.
>>
>> The network is isolated from the outside worl,   BUT  we still need
>> authentication because different users are using it.
>>
>> So what I preferably want is sort of a set up where,
>> authentication is done the "standard way" and after that just use the
>> https connection without the overhead of actually encrypting anything.
>> (and the lesss modifications and recompiling the better)
> So rather than connecting directly to Apache, how about connecting to a TLS proxy like stunnel, which would then connect to Apache over vanilla HTTP. Configure Apache to only bind to loopback addresses (127/8 and/or ::1), so no one can bypass the proxy.
>
> That's assuming stunnel doesn't also play silly buggers with the cipher suite list.
>
Wouldn't that extra hop via stunnel cost performance
(noting that Ron is apparently running at faster than
gigabit speed).

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux