Upgrade Question
I have an upgrade questions that I hope someone can help me with. I have mod_ssl-2.8.12-1.3.27 on solaris 8. I'm in the procees of upgrading openssl, and then plan on moving to mod_ssl-2.8.15-1.3.28. 1. For my current version of mod_ssl/apache will it break when I finsh the ssl upgrade?? 2. Will i need to re-complie because of the new ssl version? ( I assume I will ) 3. I also have a vaild cert from veriSign. Will I need to get an updated one when I'm done with the upgrades? Thanks, Rob __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Upgrade Question
Thank You! -Original Message- From: Bruno Georges [EMAIL PROTECTED] Sent: Oct 1, 2003 8:31 AM To: [EMAIL PROTECTED] Subject: Re: Upgrade Question Rob You will need to recompile after you installed openssl, also you need to get apache 1.3.28. First install openssl, then mod_ssl and apache . Openssl as a very good readme about the installation process. You don't need to upgrade your certificate . Bruno On Wednesday, Oct 1, 2003, at 15:44 Europe/London, rmck wrote: I have an upgrade questions that I hope someone can help me with. I have mod_ssl-2.8.12-1.3.27 on solaris 8. I'm in the procees of upgrading openssl, and then plan on moving to mod_ssl-2.8.15-1.3.28. 1. For my current version of mod_ssl/apache will it break when I finsh the ssl upgrade?? 2. Will i need to re-complie because of the new ssl version? ( I assume I will ) 3. I also have a vaild cert from veriSign. Will I need to get an updated one when I'm done with the upgrades? Thanks, Rob __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Bruno Georges Xbridge Ltd Tel: +44 (0) 207 378 9830 Mob: +44 (0) 787 988 4895 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Virtual Host question?
Hello, I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix this issue with my web server HTTP TRACE Enabled. Now I have module mod_rewrite as a Loaded Module. The fix for this is as follows: If you are using Apache, add the following lines for each virtual host in your configuration file : RewriteEngine on RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] I'm confused about where to place this in my httpd.conf? I have two virtual hosts in my httpd.conf file. Does this look correct, thanks alot for your help: VirtualHost 111.111.111.111 Redirect / https://host.company.com/ Servername host.company.com RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] /VirtualHost VirtualHost _default_:443 # General setup for the virtual host DocumentRoot /opt/apache/htdocs ServerName host.company.com ServerAdmin [EMAIL PROTECTED] ErrorLog /opt/apache/logs/error_log TransferLog /opt/apache/logs/access_log RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL / # this only for browsers where you know that their SSL implementation # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable nokeepalive for this. # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables downgrade-1.0 and # force-response-1.0 for this. SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. CustomLog /opt/apache/logs/ssl_request_log \ %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b /VirtualHost Regards, Rob __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Virtual Host question?
Hello, I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix this issue with my web server HTTP TRACE Enabled. Now I have module mod_rewrite as a Loaded Module. The fix for this is as follows: If you are using Apache, add the following lines for each virtual host in your configuration file : RewriteEngine on RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] I'm confused about where to place this in my httpd.conf? I have two virtual hosts in my httpd.conf file. Does this look correct, thanks alot for your help: VirtualHost 111.111.111.111 Redirect / https://host.company.com/ Servername host.company.com RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] /VirtualHost VirtualHost _default_:443 # General setup for the virtual host DocumentRoot /opt/apache/htdocs ServerName host.company.com ServerAdmin [EMAIL PROTECTED] ErrorLog /opt/apache/logs/error_log TransferLog /opt/apache/logs/access_log RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL / # this only for browsers where you know that their SSL implementation # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable nokeepalive for this. # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables downgrade-1.0 and # force-response-1.0 for this. SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. CustomLog /opt/apache/logs/ssl_request_log \ %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b /VirtualHost Regards, Rob __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Virtual Host question?
Hello, I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix this issue with my web server HTTP TRACE Enabled. Now I have module mod_rewrite as a Loaded Module. The fix for this is as follows: If you are using Apache, add the following lines for each virtual host in your configuration file : RewriteEngine on RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] I'm confused about where to place this in my httpd.conf? I have two virtual hosts in my httpd.conf file. Does this look correct, thanks alot for your help: -VirtualHost 111.111.111.111- Redirect / https://host.company.com/ Servername host.company.com RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] -/VirtualHost- -VirtualHost _default_:443- # General setup for the virtual host DocumentRoot /opt/apache/htdocs ServerName host.company.com ServerAdmin [EMAIL PROTECTED] ErrorLog /opt/apache/logs/error_log TransferLog /opt/apache/logs/access_log RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL / # this only for browsers where you know that their SSL implementation # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable nokeepalive for this. # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables downgrade-1.0 and # force-response-1.0 for this. SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. CustomLog /opt/apache/logs/ssl_request_log \ %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b -/VirtualHost- Regards, Rob __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Apache-SSL vs mod_ssl
Whats the benefit of mod_ssl compared to Apache-SSL??? Thanks Rob __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]