Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Chris, I've downloaded your files just to make sure I have them. Do you think .tgz files will be needed or are the access for those a little better than the Win32 files? When everything is set, I'll give you the link/links to the files. As a secondary thought, I suppose I could just set you up with an ftp account to upload files as needed. Ken - Original Message - From: hunter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 26, 2002 1:48 AM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) Ken Campney wrote: ERRR. Do I have the right file name?? lol What ever the file name/names in need of a depot is, I'm assuming it was Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Ken - Original Message - From: Ken Campney [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 10:42 PM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) Ken, I copied the filename conventions from the previous versions ... looked at them to see what they contain, so as to remain consistent. A large number of people still want to use the Apache 1.3.26, with fixed OpenSSL - I am using Apache 2.0.40 (soon to move to 2.0.42). I can make any version, but this is the most popular right now. OpenSA has a nice distribution, but I have not checked to see what rev's they are at. Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip - contains Apache 1.3.26 and Mod_SSL 2.8.10, binaries built with OpenSSL libs, etc. Openssl-0.9.6g-Win32.zip - contains only OpenSSL binaries The parts are not so well integrated as they are with Apache 2.0.42. Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip - contains all 3 parts - Mod_SSL is built into Apache 2 and the make like to put the OpenSSL binaries into the Apache/bin directory. Actual urls... http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g -Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip I hope I did not misunderstood what you wanted ... (I talk too much) Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Configure SSL on Debian Linux Server
Hi all , I am naive to SSL technologies. We are trying to install SSL on Debian Linux Server. We are having a Debian released Apache version . Where I can get good documentation about installing SSL on Debian Linux. What all do I need to configure the SSL ? As far as my knowledge , we need to install Open-SSL along with mod-ssl on the server and set the necessary config files. Am I right? The server we are using is going to host some applications/ web pages , which are accessed from PDA phones. , I appreciate if any one can brief how and where to start with. Thanks in advance Regards Ibrahim --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Is anyone doing this!?!
On Wed, 25 Sep 2002 16:24:22 -0500 Rick Kukiela [EMAIL PROTECTED] wrote: I need to know if anyone else is doing this successfully... loading apache aware ssl with multiple vhosts --- all with their own PEM passphrase on their key files --- and each has thier own PassPhraseDialog exec: line where it gets the password from... if you do this sucessfully, can you please send a part of ur httpd.conf file so I can see how you are doing it, the way im doing it is messing it up because what it ends up doing is taking the very last occurance of the PassPhraseDialog directive and uses it for ALL of the sites when it should us each one for each site respectively... If you are talking about Name Based Virtual Hosts (same ip:port, but different names) you are out of luck. You can't present different certificates with Name Based Virtual Hosts, because the Hostname is not known by the server at the time it should present the certificate. The hostname is only present in the http headers, which are transmitted _after_ the SSL handshake. Otherwise, I'd suggest you send your config file so people can tell you what's wrong. Bye Tim any help? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Configure SSL on Debian Linux Server
apt-get install libapache-mod-ssl And then check your configuration file that you are loading the module and have a key and certificate. James Debian Developer. [EMAIL PROTECTED] 09/26/02 05:58am Hi all , I am naive to SSL technologies. We are trying to install SSL on Debian Linux Server. We are having a Debian released Apache version . Where I can get good documentation about installing SSL on Debian Linux. What all do I need to configure the SSL ? As far as my knowledge , we need to install Open-SSL along with mod-ssl on the server and set the necessary config files. Am I right? The server we are using is going to host some applications/ web pages , which are accessed from PDA phones. , I appreciate if any one can brief how and where to start with. Thanks in advance Regards Ibrahim --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Ken Campney wrote: Chris, I've downloaded your files just to make sure I have them. Do you think .tgz files will be needed or are the access for those a little better than the Win32 files? When everything is set, I'll give you the link/links to the files. As a secondary thought, I suppose I could just set you up with an ftp account to upload files as needed. Ken - Original Message - From: hunter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 26, 2002 1:48 AM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) Ken Campney wrote: ERRR. Do I have the right file name?? lol What ever the file name/names in need of a depot is, I'm assuming it was Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Ken - Original Message - From: Ken Campney [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 10:42 PM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) Ken, I copied the filename conventions from the previous versions ... looked at them to see what they contain, so as to remain consistent. A large number of people still want to use the Apache 1.3.26, with fixed OpenSSL - I am using Apache 2.0.40 (soon to move to 2.0.42). I can make any version, but this is the most popular right now. OpenSA has a nice distribution, but I have not checked to see what rev's they are at. Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip - contains Apache 1.3.26 and Mod_SSL 2.8.10, binaries built with OpenSSL libs, etc. Openssl-0.9.6g-Win32.zip - contains only OpenSSL binaries The parts are not so well integrated as they are with Apache 2.0.42. Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip - contains all 3 parts - Mod_SSL is built into Apache 2 and the make like to put the OpenSSL binaries into the Apache/bin directory. Actual urls... http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g -Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip I hope I did not misunderstood what you wanted ... (I talk too much) Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Ken, The sources are always easy to get, at least from my experience. The problem lies in the fact that Windows machines do not have a compiler. I am on the lists, so I know when people are looking for a new build (security alert for example). It does not take me long to buld the code. Te most common problem for anyone trying to build the code is to get the build machine set up properly; I plan to address this soon, with a How-To doc. It makes the most sense to have ftp access, I guess. But, that can go either way. I can also provide you with an ftp account on my server as well. It is more expedient for me to make the code and put it on your server. It mitgates some of the risks of using the code, by restricting who has write access to it. I generally warn people that I did not build a properly configured server with the older builds and leave it up to them to test it. I will respond to problems caused by a bad build. The new code, I am using (testing) and know first hand if I mess up the build. Generally though, once you get the build working it is reliable -- I don't have to code anything afterall ... just follow instructions. My personal email account is [EMAIL PROTECTED] If you hit my index.html on tor.ath.cx you will get a 'new install page' for IIS ... my idea of humor ... my server is for friends and they know enough to look for an 'easter egg' - click the Icon. My internet server is a Linux box, I build and use the Windows code for my employer, where I manage more than 20,000 installations of Apache. I will touch bases with you later. Thanks again. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Is anyone doing this!?!
Hi! On Thu, Sep 26, 2002 at 10:41:36AM -0500, Rick Kukiela wrote: What I need to know is, if there is away for each virtualhost to have its OWN PassPhraseDialog directive. Right now I try to do that and It just uses the last occurence of the passphrasedialog directive for EVERY virtualhost. So basically its trying to use the Password for the last virtualhost on all of the virtual hosts. You can see my problem now? If you set a program for PassPhraseDialog (i.e. exec:/path/to/program), this program's first parameter will be the name of the virtual host whose password's being requested. HTH. Ciao Thomas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Cryptoswift + Apache 2.0
Hi, Just got back from travelling and you don't seem to have had a reply to this so here goes. On Fri, 13 Sep 2002, Estrade Matthieu wrote: I am actually running Apache 2.0 with mod_proxy (reverse-proxy) and SSL, on a Linux Redhat 7.2 dual AMD athlon 2Ghz MP with 1GB RAM. I am using an hardware accelerator Rainbow Cryptoswift 600. (for 600 TPS). When i benchmark the server without the reverse proxy with a local document, i have 560 TPS. When i benchmark the server with reverse proxy, i have 9 TPS... During all the test, the cryptoswift is blinking a little... and my cpu are only 5% loaded... The obvious suggestion would be that the machine you're reverse proxying to is the reason for the slow-down. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Is anyone doing this!?!
Wo thanks man, finally some help! much appreciated! Rick - Original Message - From: Thomas Binder [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 26, 2002 10:54 AM Subject: Re: Is anyone doing this!?! Hi! On Thu, Sep 26, 2002 at 10:41:36AM -0500, Rick Kukiela wrote: What I need to know is, if there is away for each virtualhost to have its OWN PassPhraseDialog directive. Right now I try to do that and It just uses the last occurence of the passphrasedialog directive for EVERY virtualhost. So basically its trying to use the Password for the last virtualhost on all of the virtual hosts. You can see my problem now? If you set a program for PassPhraseDialog (i.e. exec:/path/to/program), this program's first parameter will be the name of the virtual host whose password's being requested. HTH. Ciao Thomas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
How to Benchmark SSL on Apache based servers?
Title: How to Benchmark SSL on Apache based servers? Hi, Is it possible to benchmark the server load with mod_ssl enabled on Apache? Is there particular software that can do this? Thanks, Rob
How to Benchmark SSL on Apache based servers?
Due to unaviodable circumstances, I am away from the office until the Monday 30th September 2002 I will get back to you as soon as i can on my return. If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter that requires urgent attention then please contact either Kirsteen1, Sanjay1 or Jeff1 who should be able to help. If the problem relates to mubsweb please contact sanjay1 If the probelm relates to OASIS or WebCT please contact Kirsteen1 If your query relates to mbs or it support please contact Jeff1 All the best Alex __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
To everybody following this discussion, I have located the following :) This information was obtained from http://www.bis.doc.gov/Encryption/EncFAQs6_17_02.html#6 When is a review request or notification NOT required? No review or notification is required to export any encryption item to overseas subsidiaries of U.S. companies (except subsidiaries in Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria - this includes exports and reexports, as defined by Section 734.2 of the EAR, of encryption source code and technology to foreign nationals of these countries) for internal company use, including the development of new products. Likewise, no review or notification is required for encryption items with limited cryptographic capabilities described in the Technical and Related Control notes under ECCN 5A002 of Category 5, Part 2 (Information Security) of the Commerce Control List (Supplement No. 1 to Part 774 of the EAR), such as authentication, access control, digital signature, copy protection, banking use or money transactions __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]