tomcat-users mailing list archives

From "Harris, Jeffrey E." <Jeffrey.Har...@ManTech.com>
Subject RE: Better SSL connector setup
Date Tue, 09 Apr 2013 12:17:07 GMT


> -----Original Message-----
> From: André Warnier [mailto:aw@ice-sa.com]
> Sent: Tuesday, April 09, 2013 6:04 AM
> To: Tomcat Users List
> Subject: Re: Better SSL connector setup
>
> Christopher Schultz wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > Martin,
> >
> > On 4/8/13 8:25 PM, Martin Gainty wrote:
> >> Identification of keys and supported ciphers are an important for Key
> >> Exchange But before that happens The certificates attributes are the
> >> only means the CA-Authority can verify the name in the cert The
> >> certificate attributes should contain 1)1 and only 1 Hostname to
> >> contact 2)Identification information from a DN in LDAP or a suitably
> >> unique Name Service Server (ADS)allowing verification of client to a
> >> 'Name Service'
> >> http://docs.oracle.com/cd/E19575-01/820-3885/gimog/index.html
> >>
> >> Allowing your cert to authenticate to n hosts invites 2n as many
> >> potential DOS attacks Not requiring DN would negate the CA-Authority
> >> ability to verify DN CN == SSL-Host. Think of online banking and
> >> clients need to circumvent forged sites as 'The official bank site'
> >> to send your money If you are FE with Apache you will want to
> >> configure in mod-ssl http://www.modssl.org/
> >
> > Yes, you definitely want to make sure to download and install mod_ssl
> > into your Apache 1.3 install on your Windows NT 3.5 server. All
> > of your Netscape clients will be able to access full 48-bit export
> > encryption over a modern HTTP 0.9 connection.
>
> And don't forget to check that your RS-232 dial-up modem can handle the
> increased baud-rate necessary for the SSL-encrypted data.
>

You can improve the performance of the existing RS-232 modem pool
by doing some ROT-13 and Fourier transforms prior to data encoding.
However, this does require the equivalent capability on the receiving side.
