Re: common practice for giving passphrase at startup?

2000-06-09 Thread Jacob Cohen
In our shop, it just runs, and I am there the time I have to restart it every year. I still think it should be a binary file, executable by root only. Start apache as root, and have it setuid to 'nobody' or whatever your httpd user is after reading the pass phrase. If someone has root on

Re: SSL handshaking on remote machine

2000-06-05 Thread Jacob Cohen
Winged Wolf wrote: (hotmail has a broken "reply to all") You're also going to have to munge the information in the keystructure itself, so that SSL itself doesn't complain that the IP or port that it's communicating with has changed. Okay, well, I revised what my program was going to be

Re: Urgent: remove password from server cert?

2000-06-01 Thread Jacob Cohen
SSLpassphrasefile is: #!/bin/sh echo (passphrase) Write a program in C. First thing to check is to make sure that stdout is not a tty. There are various things you can do to make it harder and harder for a hacker to steal your key. But if the hacker has root on your machine, there's really

SSL handshaking on remote machine

2000-06-01 Thread Jacob Cohen
I'm trying to get SSL handshaking to work on a remote, accelerated machine to take some load off of the web servers when they have a lot of incoming connections. Since the accelerator card in the remote machine supports OpenSSL, I figured I would use the OpenSSL routines on that machine to do

Re: Session Caching

2000-05-12 Thread Jacob Cohen
I believe OpenSSL also maintains an internal session cache. If it finds the session there, it won't even call the mod_ssl retrieve callback. You can probably configure OpenSSL to not cache, or at least edit the session cache timeout it has to something like 1 second, in openssl-ver/ssl/ssl-sess.c

placement of ssl_scache_expire() call in ssl_scache_init

2000-05-05 Thread Jacob Cohen
The placement of the ssl_scache_expire() call in ssl_scache_init() is above the vendor hook for scache_init. ssl_scache_expire() also has a vendor hook in it for scache_expire. I believe that the hook for scache_init should be called before the hook for scache_expire. My vendor expire()

Session not being extracted from cache

2000-05-04 Thread Jacob Cohen
Please CC: [EMAIL PROTECTED] on all replies since my subscription has not gone through yet. I wrote some functions that use the vendor hooks in mod_ssl to store SSL sessions in a SQL database (so separate physical web servers can share session caches)... I have it to the point where if it

Re: Session Renegotiation

2000-04-13 Thread Jacob Cohen
What I can't find is whether there is a global maximum number of On the server side you can set a maximum time with SSLSessionCacheTimeout, but different clients have their own settings: Ok so I suppose my question is, is there a difference between Cache timeouts and session time-to-live? I

Session Renegotiation

2000-04-12 Thread Jacob Cohen
I am trying to determine a good length for SSL Session timeouts. It appears the default cache length is 5 minutes, but if the session is reused within those five minutes, its timeout is renewed to five minutes, and so on. What I can't find is whether there is a global maximum number of