Brian's stupid Apache+SSL questions of the day
Brian Densmore
DensmoreB at ctbsonline.com
Thu Jan 11 17:33:32 CST 2001
I sent an e-mail this morning, but it looks like it didn't get posted.
I have DNS, Sendmail, and Apache+SSL+PHP working on my server now. Apache is
listening and answering on ports 80 and 443. HTTP and HTTPS are both working
(with one minor config problem for one domain). I have created a certificate
and signed it myself (I don' need no stinking CA, I am the CA!). Netscape
reports that the certificate is either invalid or unknown (yeah,yeah), that
I am using MD5 RSA v3 with 40 of 128 bits encrypted and SSL version
TLSv1/SSLv3.
Questions:
Does this mean I have an encrypted channel open between the client and the
server? Is it safe to now transmit usernames and passwords over this htttps
connection? Or do I have to turn on more strict verification?
I am going to turn up the encryption to 128bit and maybe a different cipher
later, I just wanted to get it working.
Thanks,
Brian Densmore
Associate
Computech Business Solutions
voice: (816) 880-0988
fax: (816) 880-0998
:-{)>
More information about the Kclug
mailing list