httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Faby <myli...@serverlogistics.com>
Subject Re: [users@httpd] SSL the whole site
Date Sun, 25 Jan 2004 04:52:37 GMT
Hello,

> Redirect / https://servername.foo/

This is not desirable because it can easily be circumvented. If the
user requests any URL other then "/", it will not redirect the URL
to use SSL.

Something else you might want to consider is to add the following
to the <Directory> block for the SSL virtual host's DocumentRoot:

SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

It will require clients to connect using the much stronger 128 bit
SSL rather then the relatively weak 56 bit.

HTH

Regards,
Aaron


----------------------------------------------------------------
Aaron Faby                                      Server Logistics
aaron@serverlogistics.com                    Phone: 888-886-4044
http://www.serverlogistics.com                 Fax: 323-372-3546
http://www.serverlogistics.com/publickeys/aaronfaby.gpgkey
----------------------------------------------------------------


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message