On Wed, Jul 25, 2012 at 4:15 PM, Tom Browder <tom.brow...@gmail.com> wrote: > On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers <r.ted.by...@gmail.com> wrote: >> On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder <tom.brow...@gmail.com> wrote: ... >> Thanks. Let me know when I can take a look at yor script. I'd also like to >> hear about how you harden your servers. > > Roger--I plan to put all that on my blog later. I've been relying > heavily on several books, which I'll mention after I get home to my > bookshelf ("Apache Security" is one of them).
The book "Apache Security" is by Ivan Ristic, published in March 2005. The other one I have is "Preventing Web Attacks With Apache" by Ryan C. Barnett, published in 2006. Both books have been very helpful, along with the Apache 2.4 site docs for SSL. Another great source is this link: https://www.ssllabs.com/ where they have several interesting projects including a program to rate a site's security, and some good papers including one on "SSL/TLS Deployment Best Practices" and one entitled "SSL Server Rating Guide." Best regards. -Tom ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org