|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
different ways to disable https in apache...
From: Joe Schmoe (non_secure
yahoo.com)
Date: Fri May 13 2005 - 10:54:54 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello,
I built apache+openssl+mod_ssl. It is working fine,
and I have been starting the server with:
apachectl startssl
Recently, however, I have decided that I will not be
doing anything over https (for a while, at least) with
this web server, so for security reasons, I want to
only run on port 80.
So now I start the server with:
apachectl start
And it runs without SSL. My question is, is starting
the SSl enabled apache like this, and running it
without SSL exactly the same security-wise as running
a copy of apache without SSL at all ? That is, SSL
libraries, etc., can have vulnerabilities in them, and
am I still vulnerable to those problems even if I am
running only on port 80 ?
What kinds of attacks might I _not_ be insulating
myself against by simply not running SSL, vs.
reinstalling without it ?
thanks,
__________________________________
Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
http://mobile.yahoo.com/learn/mail
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]