tomcat-users mailing list archives

From André Warnier
Subject Re: Better SSL connector setup
Date Tue, 09 Apr 2013 10:04:20 GMT
Christopher Schultz wrote:
> Martin,
> On 4/8/13 8:25 PM, Martin Gainty wrote:
>> Identification of keys and supported ciphers are important for
>> Key Exchange. But before that happens, the certificate's attributes are
>> the only means the CA-Authority can verify the name in the
>> cert. The certificate attributes should contain 1) 1 and only 1
>> Hostname to contact 2) Identification information from a DN in LDAP
>> or a suitably unique Name Service Server (ADS) allowing verification
>> of client to a 'Name Service'
>> Allowing your cert to authenticate to n hosts invites 2n as many
>> potential DOS attacks. Not requiring DN would negate the
>> CA-Authority ability to verify DN CN == SSL-Host. Think of online
>> banking and clients need to circumvent forged sites as 'The
>> official bank site' to send your money. If you are FE with Apache
>> you will want to configure in mod-ssl
> Yes, you definitely want to make sure to download and install mod_ssl
> into your Apache 1.3 install on your Windows NT 3.5 server. All
> of your Netscape clients will be able to access full 48-bit export
> encryption over a modern HTTP 0.9 connection.

And don't forget to check that your RS-232 dial-up modem can handle the increased 
baud-rate necessary for the SSL-encrypted data.
