Holger Reif wrote:
>
> Ben Laurie wrote:
> >
> > I've checked through your ideas and it seems to me that they could be
> > made to work with Apache-SSL (and hence, probably, mod_ssl), so long as
> > the keys don't have passphrases.
> >
> > The point of the preload of keys/certs is to get passphrases while you
> > still have a tty, nothing else.
>
> If this is really the case then you can even go with
> passphrase protected keys. At least mod_ssl has pass
> phrase caching, so you only need to load them once
> completely to get the passphrases and then load them
> whenever you need them.

I consider passphrase caching to be an unacceptable security risk.

Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]