httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "IdealGourmet" <>
Subject RE: [users@httpd] explicitly including other ciphers for use with https
Date Tue, 08 Dec 2015 17:48:10 GMT
This is an error email !! don’t send more email here !!!!!!!!!!


De: William A Rowe Jr [] 
Enviado el: mardi 8 décembre 2015 18:36
Asunto: Re: [users@httpd] explicitly including other ciphers for use with https


On Tue, Dec 8, 2015 at 10:45 AM, Ron Croonenberg <> wrote:

I forgot,  is there a "standard way" to create an rpm so I can install the binaries somewhere?


Well, all the major linux distributions have their own forks, their own 'one right

way' to package rpm/deb/etc, but have a look in the build/ directory of your

source tarball.


On 12/08/2015 09:41 AM, Ron Croonenberg wrote:

so in the source tree:


in: ssl_engine_config.c
I see two lines:
arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL);

and tossed eNULL out

in: ssl_engine_init.c
I see a line:
apr_pstrcat(ptemp, "!aNULL:!eNULL:!EXP:", SSL_DEFAULT_CIPHER_LIST,

these 3 locations are the only places where NULL ciphers are excluded,


Offhand, yes. 



P.S:  why not make it an option that can be configured and where the
default 'setting' is "no NULL ciphers" ?


Because a very tiny fraction of the users who toggle such an option 

will know what they are doing.


You clearly do, however you may or may not find the performance gains

you are hoping for, there are more efficient auth mechanisms such as

digest authentication that will not pass passwords in the clear, and there

are others such as gssapi that perform the authentication function alone

using typical linux semantics.


Have you looked at

as an alternative for this particular use case?


No se encontraron virus en este mensaje.
Comprobado por AVG -
Versión: 2016.0.7227 / Base de datos de virus: 4477/11138 - Fecha de publicación: 12/08/15

View raw message