httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ron Croonenberg <r...@lanl.gov>
Subject Re: [users@httpd] explicitly including other ciphers for use with https
Date Tue, 08 Dec 2015 15:52:45 GMT

> It should be straightforward to patch mod_ssl to accept null ciphers,
> for such an unusual use case, but it isn't something we would likely
> accept in the ASF distribution for the reasons I outlined.

that would be fine, this is cluster that needs to move a lot data 
internally in a very short amount of time..

where in mod_ssl would I be looking?


>         Otherwise,
>         any man-in-the-middle can observe the data in transit and alter
>         the data passed between your client and backend storage server

there are no men to be in the middle.  the servers have no logins/users. 
  Consider it an appliance,  in general people also don't worry about 
someone sniffing the wire between a HDU sas connector and the drive's 
chipset. This is the same thing, just a little bigger.

>
>     Wait, why does the use of NULL encryption have any effect on the
>     authenticity/integrity characteristics of the cipher? I asserted
>     otherwise on openssl-users and was not corrected...
>
>
> I didn't suggest it that it would.  Everything *after* that handshake,
> in cleartext, is open for inspection or for manipulation by every link
> in between the user agent and server.

except in my case,  there is 'no one there' to do it. It is a separate, 
isolated network.

thanks,

Ron

>     --Jacob
>
>     [1] https://marc.info/?t=144900982700003&r=1&w=2
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message