> Roberto Hoyle wrote: > >> Given how often this error comes up, I have to ask, why is OpenCA >> checking this? Isn't this really part of the web server >> configuration? >> Instead of duplicating work that already exists in Apache, why not >> just >> make a document specifying how to configure it properly so that only >> the right symmetric keylength and/or protocol can access the server?
OpenCA checks this because there were a lot of trouble with misconfigured Apaches. The problem is that many users don't detect such problems. So we decide to integrate a component which can enforce a policy. The CA admins configure OpenCA to enforce a minimum security level. If the Apache is misconfigured then OpenCA protects it's integrity by blocking any operations of this unsecure source. Michael ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
