Bruce,
Seeing noone's answered you yet, I'll make and somewhat educated
response. If you set up the second server to use SSL (I'm assuing you
did, hence port 443), then all the traffic to that server is encrypted.
Brad Waite
"Bruce B. Platt" wrote:
>
> I have a port 80, non-SSL site created for my family which has user
> authentication configured as follows in access.conf:
>
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /usr/local/apache/etc/athorized-users
>
> require valid-user
>
> I have just installed installed Apache mith mod-ssl which I find a great
> improvement over Apache-SSL in terms of ease of use.
>
> My question is this.
>
> I set up a virtual server on port 443 for the above referenced site, using
> the same lines from access.conf on both the port 80 and the port 443 servers.
>
> It appears as if the user-authentication dialog takes place using export
> grade RC4 and MD5 encryption even though the browser doesn't show a "lock
> or key" secure symbol while the user-name and password authentication box
> ispresented on the screen. I suspect this from examining the following
> lines from the ssl_request_log:
>
> [11/Dec/1998:17:15:00 -0500] server.domain.com SSLv3 EXP-RC4-MD5 "GET /
> HTTP/1.0" 474
> [11/Dec/1998:17:15:24 -0500] server.domain.com SSLv3 EXP-RC4-MD5 "GET /
> HTTP/1.0" 2308
> [11/Dec/1998:17:15:25 -0500] server.domain.com SSLv3 EXP-RC4-MD5 "GET
> /_derived/index.html_cmp_global100_bnr.gif HTTP/1.0" 3593
> [11/Dec/1998:17:15:25 -0500] server.domain.com SSLv3 EXP-RC4-MD5 "GET
> /_themes/global/glotextb.gif HTTP/1.0" 181
>
> The first line from the log (above) is written to the log as the user-name
> and password dialogue box is presented to the browser. The remaining lines
> appear in the log after the user has entered their user-name and password,
> and the index page is retreived from the server. The "secure" synbol
> appears in the browser window at this point.
>
> Am I correct in assuming that the username and password which the user
> enters are encrypted in transmission?
>
> Thank you and regards,
>
> Bruce
>
> ______________________________________________________________________
> Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
