Upgrade Question

2003-10-01 Thread rmck 
I have an upgrade questions that I hope someone can help me with.  
I have mod_ssl-2.8.12-1.3.27 on solaris 8. I'm in the procees of upgrading openssl,
and then plan on moving to mod_ssl-2.8.15-1.3.28. 

1. For my current version of mod_ssl/apache will it break when I finsh the ssl 
upgrade??

2. Will i need to re-complie because of the new ssl version? ( I assume I will )

3. I also have a vaild cert from veriSign. Will I need to get an updated one when I'm 
done with the upgrades?

Thanks,
Rob
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Upgrade Question

2003-10-01 Thread rmck 
Thank You!

-Original Message-
From: Bruno Georges [EMAIL PROTECTED]
Sent: Oct 1, 2003 8:31 AM
To: [EMAIL PROTECTED]
Subject: Re: Upgrade Question

Rob
You will need to recompile after you installed openssl, also you need 
to get apache 1.3.28.
First install openssl, then mod_ssl and apache . Openssl as a very good 
readme about the installation process.

You don't need to upgrade your  certificate .

Bruno
On Wednesday, Oct 1, 2003, at 15:44 Europe/London, rmck wrote:

 I have an upgrade questions that I hope someone can help me with.
 I have mod_ssl-2.8.12-1.3.27 on solaris 8. I'm in the procees of 
 upgrading openssl,
 and then plan on moving to mod_ssl-2.8.15-1.3.28.

 1. For my current version of mod_ssl/apache will it break when I finsh 
 the ssl upgrade??

 2. Will i need to re-complie because of the new ssl version? ( I 
 assume I will )

 3. I also have a vaild cert from veriSign. Will I need to get an 
 updated one when I'm done with the upgrades?

 Thanks,
 Rob
 __
 Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
 User Support Mailing List  [EMAIL PROTECTED]
 Automated List Manager[EMAIL PROTECTED]


Bruno Georges
Xbridge Ltd
Tel: +44 (0) 207 378 9830
Mob: +44 (0) 787 988 4895

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Virtual Host question?

2003-06-18 Thread rmck 
Hello,

I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix this issue with 
my web server HTTP TRACE Enabled. 

Now I have module mod_rewrite as a Loaded Module. The fix for this is as follows:

If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

I'm confused about where to place this in my httpd.conf? 

I have two virtual hosts in my httpd.conf file. Does this look correct, thanks alot 
for your help:


VirtualHost 111.111.111.111
Redirect / https://host.company.com/
Servername host.company.com
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
/VirtualHost


VirtualHost _default_:443
 
#  General setup for the virtual host
DocumentRoot /opt/apache/htdocs
ServerName host.company.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /opt/apache/logs/error_log
TransferLog /opt/apache/logs/access_log
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
/
# this only for browsers where you know that their SSL implementation
# works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable nokeepalive for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables downgrade-1.0 and
#   force-response-1.0 for this.
SetEnvIf User-Agent .*MSIE.* \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
 
#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /opt/apache/logs/ssl_request_log \
  %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
 
/VirtualHost



Regards,
Rob

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Virtual Host question?

2003-06-18 Thread rmck 
Hello,

I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix this issue with 
my web server HTTP TRACE Enabled. 

Now I have module mod_rewrite as a Loaded Module. The fix for this is as follows:

If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

I'm confused about where to place this in my httpd.conf? 

I have two virtual hosts in my httpd.conf file. Does this look correct, thanks alot 
for your help:


VirtualHost 111.111.111.111
Redirect / https://host.company.com/
Servername host.company.com
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
/VirtualHost


VirtualHost _default_:443
 
#  General setup for the virtual host
DocumentRoot /opt/apache/htdocs
ServerName host.company.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /opt/apache/logs/error_log
TransferLog /opt/apache/logs/access_log
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
/
# this only for browsers where you know that their SSL implementation
# works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable nokeepalive for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables downgrade-1.0 and
#   force-response-1.0 for this.
SetEnvIf User-Agent .*MSIE.* \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
 
#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /opt/apache/logs/ssl_request_log \
  %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
 
/VirtualHost



Regards,
Rob

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Virtual Host question?

2003-06-18 Thread rmck 
Hello,

I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix
this issue with my web server HTTP TRACE Enabled. 

Now I have module mod_rewrite as a Loaded Module. The fix for this is as
follows:

If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

I'm confused about where to place this in my httpd.conf? 

I have two virtual hosts in my httpd.conf file. Does this look correct,
thanks alot for your help:


-VirtualHost 111.111.111.111-
Redirect / https://host.company.com/
Servername host.company.com
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
-/VirtualHost-


-VirtualHost _default_:443-
 
#  General setup for the virtual host
DocumentRoot /opt/apache/htdocs
ServerName host.company.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /opt/apache/logs/error_log
TransferLog /opt/apache/logs/access_log
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
/
# this only for browsers where you know that their SSL implementation
# works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable nokeepalive for
this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables downgrade-1.0
and
#   force-response-1.0 for this.
SetEnvIf User-Agent .*MSIE.* \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
 
#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /opt/apache/logs/ssl_request_log \
  %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
 
-/VirtualHost-



Regards,
Rob

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Apache-SSL vs mod_ssl

2003-01-22 Thread rmck 
Whats the benefit of mod_ssl compared to Apache-SSL???

Thanks
Rob
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]