On Wed, Jul 25, 2012 at 4:15 PM, Tom Browder <[email protected]> wrote: > On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers <[email protected]> wrote: >> On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder <[email protected]> wrote: ... >> Thanks. Let me know when I can take a look at yor script. I'd also like to >> hear about how you harden your servers. > > Roger--I plan to put all that on my blog later. I've been relying > heavily on several books, which I'll mention after I get home to my > bookshelf ("Apache Security" is one of them).
The book "Apache Security" is by Ivan Ristic, published in March 2005. The other one I have is "Preventing Web Attacks With Apache" by Ryan C. Barnett, published in 2006. Both books have been very helpful, along with the Apache 2.4 site docs for SSL. Another great source is this link: https://www.ssllabs.com/ where they have several interesting projects including a program to rate a site's security, and some good papers including one on "SSL/TLS Deployment Best Practices" and one entitled "SSL Server Rating Guide." Best regards. -Tom ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
