a vendor is setting up on-prem internal servers for us:
vendor told us he needs SSL certs for the 5 servers (there's 5 URLs
given) not for users to access but for server to server communications
Q1:
Shall we use self-signed certs in this case & usually for how long
these certs should be valid
Also,
can we safely say CVE-2019-0217 & CVE-2019-0215 affects "2.4.17 through
2.4.38 with MPM event, worker or prefork" only (just like CVE-2019-0211)?
How do I check if we have "MPM event, worker or prefork" in our Apache?
On Sat, Apr 6, 2019 at 10:59 PM Sunhux G wr
Are above CVEs affecting Apache httpd (ie web servers) 2.4.x only
& other lower versions (eg: our Solaris 10's Apache/2.0.63) are not
affected?
Can point me to where to get the patches for RHEL7/RHEL6
in Red Hat support portal or anywhere else that's reliable??
Sun
Understand Apache web servers (runs on Unix only) & Apache Struts
(can run in Windows & appliances) are different things:
Q1:
Can the various VA scanners (like Nessus & McAfee Vulnerability Manager)
detect the presence of Struts or you'll need to login to individual servers/
endpoints or have an
After making changes to httpd.conf, can I just issue
1) kill -HUP httpd_instance_pid for the change to take effect or
2) service httpd reload or
3) service httpd restart
Select one or more of the above correct options
Thanks
Sun
Thanks.
I'll verify on Mon using the tool Zeek suggested or openssl:
openssl s_client -cipher '!DH:!ADH:RC4+RSA:HIGH:MEDIUM:
!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM'
-
The official User-To-User support forum of the Apache HTTP
, 2011 at 10:48 PM, sunhux G sun...@gmail.com wrote:
I'm newbie to encryption beginner to Apache.
Length: 81
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 77
Version: TLS 1.0 (0x0301)
Random
gmt_unix_time: May 23, 2011 11:01:51.00
random_bytes
I'm new to Apache to my environment too.
We run 4 Apache V2.0.52 I've seeing high load averages (of 3 to 13)
reported by top on the Linux RHES 4.6 for the 1, 5 15 minutes avgs
on 3 of our webservers. All the servers' CPU are generally idle except
one webserver which sometimes hit 90-100% CPU
I'm newbie to encryption beginner to Apache.
Length: 81
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 77
Version: TLS 1.0 (0x0301)
Random
gmt_unix_time: May 23, 2011 11:01:51.00
random_bytes: C0C48BA2.
Session ID Length: 32
Session
Note that in my current Apache config file, there's a line below which does not
mention anything on Diffie-Hellman, so my guess is Apache must have selected
/enabled DH by default. How can I explicitly turn it off?
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
I'm thinking of
I configured my Apache to listen on tcp 83, 446 86.
Our monitoring team uses CA Unicentre (awservices) to monitor the
Apache's ports I often get the alerts below which always recover
within 2-5 minutes.
Our monitoring team asserts that there's nothing wrong with their
monitoring tool (CA) as
Yes, there are entries. So I have to get our monitoring team to
tune CA to poll every 30 secs for 10 mins to be sure we don't
get false alerts?
U
On Sun, Dec 26, 2010 at 2:40 AM, Joost de Heer jo...@sanguis.xs4all.nlwrote:
On 12/25/2010 05:08 PM, sunhux G wrote:
Question is how do I
12 matches
Mail list logo