On Fri, 15 Feb 2002, Matus "fantomas" Uhlar wrote:

> -> > I'd like to know, how does modssl decide which port is ssl and which one is
> -> > non-ssl? if I bind apache to two ports, how to tell which one should be used
> -> > for ssl connects and which one for non-ssl connects?
> -> 
> -> Apache is the process - mod_ssl is just a module. Only port 80 is
> -> listened to by default by apache so to get SSL to work you must
> -> explicitly say "Listen 443".
> 
> Yes I know that :) The question is - how will mod_ssl know that it should
> process connections on port 443 and not on port 80.

For one, it's a standard well known port:

darkstar:~# grep 443 /etc/services
https           443/tcp         https           # http protocol over TLS/SSL

for two, it would most likely be part of your httpd.conf, with the listen
directive.

Get to know your /etc/services file and know it well, and if you have one
not, or a sparse one, do a google search, the well known port/protocol
combos are well documented on various URLs out there...

> 
> -> > Another question. if I run http on port 80 and httpd on port 443, and I
> -> > define only one virtualhost:
> -> > 
> -> > <VirtualHost ip.address>
> -> > ServerName blablabla
> -> > </VirtualHost>
> -> > 
> -> > will that virtualhost be available via both ports/protocols?
> -> 
> -> I guess so... but this is not a good idea since SSL requires lots of extra
> -> directives (like "SSLEngine on") - how they would interact with the HTTP
> -> host is not obvious...
> 
> hmmm. I think I can put generic SSL directives into server's config and none
> special are _required_ for virtualhosts. I just have some virtualhosts and
> wish to give access to all of them without reconfiguring them.
> And that about sslengine was exactly what I wanted to know. Could I turn
> SSLEngine on for all connections to one port and turn it off for all
> connections on other port?
> 

Have you actually parsed through the default httpd.conf file that is
installed when you compile the openssl/mod-ssl/apache combo <some folks
will add in MM in that combo>?  It's pretty well documented, and reading
through it as one parses the FAQ and other documentation included is
always a good starting point.

> -> > Or, do I need to define two virtualhosts, one on port 80 without ssl and one
> -> > on 443 with ssl?
> -> 
> -> This is a much better idea - keep the SSL and HTTP hosts completely
> -> separate, you will sleep better.
> 
> 


Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
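
The separate-hosts layout recommended in the thread, written out as an added example (not part of the original message and not taken from the mod_ssl distribution). The address 192.0.2.10, the host name, the document root and the certificate paths are placeholder assumptions.

```apache
# Apache accepts connections on both ports; Listen alone does not
# make either of them an SSL port.
Listen 80
Listen 443

# Plain HTTP host: bound to port 80 only, SSL engine left off.
<VirtualHost 192.0.2.10:80>
    ServerName   www.example.com
    DocumentRoot /path/to/htdocs
    SSLEngine    off
</VirtualHost>

# HTTPS host: bound to port 443 only. mod_ssl handles connections
# here because SSLEngine is switched on inside this virtual host.
<VirtualHost 192.0.2.10:443>
    ServerName   www.example.com
    DocumentRoot /path/to/htdocs
    SSLEngine    on
    # Placeholder paths: point these at the real certificate and key.
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
</VirtualHost>
```

Because each virtual host names its port explicitly, a request arriving on port 80 can never be served by the block that has the SSL engine enabled, and the reverse holds for port 443.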
