tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Better SSL connector setup
Date Tue, 09 Apr 2013 00:54:29 GMT

Martin,

On 4/8/13 8:25 PM, Martin Gainty wrote:
> Identification of keys and supported ciphers are important for
> Key Exchange. But before that happens, the certificate's attributes are
> the only means the CA-Authority can verify the name in the
> cert. The certificate attributes should contain: 1) 1 and only 1
> Hostname to contact; 2) Identification information from a DN in LDAP
> or a suitably unique Name Service Server (ADS) allowing verification
> of client to a 'Name Service':
> http://docs.oracle.com/cd/E19575-01/820-3885/gimog/index.html
>
> Allowing your cert to authenticate to n hosts invites 2n as many
> potential DOS attacks. Not requiring DN would negate the
> CA-Authority ability to verify DN CN == SSL-Host. Think of online
> banking and clients need to circumvent forged sites as 'The
> official bank site' to send your money. If you are FE with Apache
> you will want to configure in mod-ssl: http://www.modssl.org/

Yes, you definitely want to make sure to download and install mod_ssl
into your Apache 1.3 install on your Windows NT 3.5 server. All
of your Netscape clients will be able to access full 48-bit export
encryption over a modern HTTP 0.9 connection.

-chris
