https://bz.apache.org/bugzilla/show_bug.cgi?id=66016
--- Comment #2 from SkyFly222 <[email protected]> --- (In reply to Joe Orton from comment #1) > I'm not sure what "password encryption is stored in plaintext" means. > > With mod_ssl you can do any of: > > a) use a plaintext-on-disk key file > b) use an encrypted-on-disk key file which is unencrypted in memory using a > passphrase supplied at startup > c) use a PKCS#11 module which encapsulates the key (e.g. in hardware) https://cwiki.apache.org/confluence/display/HTTPD/SettingUpModSSL <IfModule mod_ssl.c> SSLEngine on SSLProtocol TLSv1.2 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DHE SSLCertificateFile /etc/server.crt SSLCertificateKeyFile /etc/server.key SSLVerifyDepth 10 SSLOptions +StdEnvVars </IfModule> When apache starts, /etc/server.key is plaintext(In reply to Joe Orton from comment #1) > I'm not sure what "password encryption is stored in plaintext" means. > > With mod_ssl you can do any of: > > a) use a plaintext-on-disk key file > b) use an encrypted-on-disk key file which is unencrypted in memory using a > passphrase supplied at startup > c) use a PKCS#11 module which encapsulates the key (e.g. in hardware) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
