httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Champion <>
Subject Re: [users@httpd] explicitly including other ciphers for use with https
Date Tue, 08 Dec 2015 01:40:22 GMT
On 12/07/2015 05:06 PM, William A Rowe Jr wrote:
> On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg <
> <>> wrote:
>     Hello,
>     I a building a storage system, using HTTP/HTTPS for ingesting data.
>     I would like to use the authentication over HTTPS, while after that
>     I want no encryption on the data because of peformance.
> Then you probably don't understand the performance impact of TLS.

To help Ron out a little... he's coming from this conversation [1] on 
the openssl-users mailing list, where he's described his rather unusual 
network topology already.

I'm still unsure as to whether or not his proposed solution is secure... 
but I am convinced that his use case is atypical.

> any man-in-the-middle can observe the data in transit and alter
> the data passed between your client and backend storage server

Wait, why does the use of NULL encryption have any effect on the 
authenticity/integrity characteristics of the cipher? I asserted 
otherwise on openssl-users and was not corrected...



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message