At 02:22 AM 8/19/2003 -0400, you wrote:
On Wed, 20 Aug 2003, Henrik Bentel wrote:
Now, all my ssl configuration is under my secure virtual host, such that it
applies to everything. However, I have quite a bit static content(images,
css, javascript.,...) which doesn't need to be very secure. I somewhat only
want to secure my dynamic content.
If I understand your question correctly, what you're wanting is to have
some web page that's served up with https, but to have the images on that
page be served by regular http. You could do that, but every browser I
know of will throw a security warning in that case. You can't mix secure
and non-secure content in the same document.
Does that answer your question?
Hi
not quite.
I still want everything under https, but I was wondering if there is a way
to speed up processing per directory directive but still use https, such as
my image -directory.
Currently I have everything for ssl configured in the virtual host and
server config. SSL configuration included below.
Certificate is self signed from 1024 bit RSA key.
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/opt/apache/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex sem
#SSLMutex file:/var/opt/apache/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
ErrorLog /var/log/httpd/secure_error_log
CustomLog /var/log/httpd/secure_access_log common
LogLevel warn
VirtualHost 192.168.1.1:443
ServerName 192.168.1.1
DocumentRoot /opt/mydocRoot
ErrorLog /var/log/httpd/secure_error_log
TransferLog /var/log/httpd/secure_access_log
LogLevel warn
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /opt/app/conf/mycert.crt
SSLCertificateKeyFile /opt/app/conf/mycert.key
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
#CustomLog /var/log/httpd/ssl_request_log %t %h %{SSL_PROTOCOL}x
%{SSL_CIPHER}x \%r\ %b
/VirtualHost
-Henrik Bentel
--Cliff
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]