Also, here is my ssl.conf:
-
LoadModule ssl_module modules/mod_ssl.so
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLCryptoDevice builtin
SSLProtocol +All
SSLCipherSuite HIGH:MEDIUM:+SHA1:+NULL:+aNULL:+eNULL
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
SSLProxyEngine off
---
Then I setup my vhost like:
VirtualHost myIP:443
DocumentRoot /var/www/websitename/
ServerName websitename
ErrorLog /var/log/httpd/websitename-ssl-error.log
CustomLog /var/log/httpd/websitename-ssl-access.log common
sslengine on
sslcertificatefile /etc/httpd/ssl/websitename/websitename.crt
sslcertificatekeyfile /etc/httpd/ssl/websitename/websitename.key
/VirtualHost
Right now I am using sslengine off and doing none encryption over 443, but I
really need to make encryption optional on the same port.
Any ideas?
- Original Message -
From: Cliff Woolley [EMAIL PROTECTED]
To: modssl-users@modssl.org
Sent: Friday, October 14, 2005 7:36 AM
Subject: Re: Is it possible to not force SSL on port:443?
On 10/14/05, Pigeon [EMAIL PROTECTED] wrote:
I am helping someone develop a product, and for the next little bit he
will
need to access port 443 with out the communication being encrypted (aka he
could telnet to it if he wanted).
But in the very near future, he will want to make 443 encrypted..
Is it possible to not force encryption on port443?
Sure... you just tell Apache to listen on that port and don't turn the
SSLEngine on. :)
Or are you asking how to make it *optional*? You can do that too --
as long as SSLRequireSSL isn't set, it should work.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]