Bug#267477: Apache 2 TLS by default
* Olaf van der Spek: Instead of just an easy way to enable SSL/TLS, I'd like to see it enabled by default. :) This would be a questionable change because it unnecessarily exposes more program code to potential attacks.
Bug#267477: Apache 2 TLS by default
Florian Weimer wrote: * Olaf van der Spek: Instead of just an easy way to enable SSL/TLS, I'd like to see it enabled by default. :) This would be a questionable change because it unnecessarily exposes more program code to potential attacks. That's true, I guess being able to enable it with a single command would suffice.
Bug#267477: Apache 2 TLS by default
* Olaf van der Spek ([EMAIL PROTECTED]) wrote : Thom May wrote: * Olaf van der Spek ([EMAIL PROTECTED]) wrote : Hi, Instead of just an easy way to enable SSL/TLS, I'd like to see it enabled by default. :) Anyway: Step 3 and 4 can be replaced by running /usr/sbin/apache2-ssl-certificate In step 5 you can use SSLCertificateFile /etc/apache2/ssl/apache.pem and SSLCertificateKeyFile isn't needed. Tried that, far more pain than we need. What exactly was tried and what pain was caused? Generating an ssl cert during install, and setting up apache to use it. See the many archived bugs from the time. If we can sensibly use debconf to ask the questions, then i may reinstate something like this post sarge. I'll try. But would it be possible (pre Sarge) to provide a /etc/apache2/sites-available/ssl so that apache2-ssl-certificate a2enmod ssl a2ensite ssl invoke-rc.d apache reload activates SSL? -Thom
Bug#267477: Apache 2 TLS by default
* Olaf van der Spek ([EMAIL PROTECTED]) wrote : Generating an ssl cert during install, and setting up apache to use it. See the many archived bugs from the time. If we can sensibly use debconf to ask the questions, then i may reinstate something like this post sarge. I'll try. But would it be possible (pre Sarge) to provide a /etc/apache2/sites-available/ssl so that apache2-ssl-certificate a2enmod ssl a2ensite ssl invoke-rc.d apache reload activates SSL? NO. We have to be interactive to use apache2-ssl-certificate, and that BREAKS the buildds. My idea was to let the user execute that if he wants to activate SSL. Does only adding /etc/apache2/sites-available/ssl break anything?
Bug#267477: Apache 2 TLS by default
* Olaf van der Spek ([EMAIL PROTECTED]) wrote : Generating an ssl cert during install, and setting up apache to use it. See the many archived bugs from the time. If we can sensibly use debconf to ask the questions, then i may reinstate something like this post sarge. I'll try. But would it be possible (pre Sarge) to provide a /etc/apache2/sites-available/ssl so that apache2-ssl-certificate a2enmod ssl a2ensite ssl invoke-rc.d apache reload activates SSL? NO. We have to be interactive to use apache2-ssl-certificate, and that BREAKS the buildds. -T
Bug#267477: Apache 2 TLS by default
* Olaf van der Spek ([EMAIL PROTECTED]) wrote : Thom May wrote: * Olaf van der Spek ([EMAIL PROTECTED]) wrote : Hi, Instead of just an easy way to enable SSL/TLS, I'd like to see it enabled by default. :) Anyway: Step 3 and 4 can be replaced by running /usr/sbin/apache2-ssl-certificate In step 5 you can use SSLCertificateFile /etc/apache2/ssl/apache.pem and SSLCertificateKeyFile isn't needed. Tried that, far more pain than we need. What exactly was tried and what pain was caused? Generating an ssl cert during install, and setting up apache to use it. See the many archived bugs from the time. If we can sensibly use debconf to ask the questions, then i may reinstate something like this post sarge. -Thom
Bug#267477: Apache 2 TLS by default
* Olaf van der Spek ([EMAIL PROTECTED]) wrote : Hi, Instead of just an easy way to enable SSL/TLS, I'd like to see it enabled by default. :) Anyway: Step 3 and 4 can be replaced by running /usr/sbin/apache2-ssl-certificate In step 5 you can use SSLCertificateFile /etc/apache2/ssl/apache.pem and SSLCertificateKeyFile isn't needed. Tried that, far more pain than we need. -Thom
Bug#267477: Apache 2 TLS by default
Thom May wrote: * Olaf van der Spek ([EMAIL PROTECTED]) wrote : Hi, Instead of just an easy way to enable SSL/TLS, I'd like to see it enabled by default. :) Anyway: Step 3 and 4 can be replaced by running /usr/sbin/apache2-ssl-certificate In step 5 you can use SSLCertificateFile /etc/apache2/ssl/apache.pem and SSLCertificateKeyFile isn't needed. Tried that, far more pain than we need. What exactly was tried and what pain was caused?
Bug#267477: Apache 2 TLS by default
Hi, Instead of just an easy way to enable SSL/TLS, I'd like to see it enabled by default. :) Anyway: Step 3 and 4 can be replaced by running /usr/sbin/apache2-ssl-certificate In step 5 you can use SSLCertificateFile /etc/apache2/ssl/apache.pem and SSLCertificateKeyFile isn't needed. -- Olaf van der Spek http://xccu.sf.net/