On Tue, Dec 8, 2015 at 10:45 AM, Ron Croonenberg <r...@lanl.gov> wrote:
> I forgot, is there a "standard way" to create an rpm so I can install the > binaries somewhere? > Well, all the major linux distributions have their own forks, their own 'one right way' to package rpm/deb/etc, but have a look in the build/ directory of your source tarball. > On 12/08/2015 09:41 AM, Ron Croonenberg wrote: > >> so in the source tree: >> >> modules/ssl >> >> >> in: ssl_engine_config.c >> I see two lines: >> arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL); >> >> and tossed eNULL out >> >> in: ssl_engine_init.c >> I see a line: >> apr_pstrcat(ptemp, "!aNULL:!eNULL:!EXP:", SSL_DEFAULT_CIPHER_LIST, >> >> these 3 locations are the only places where NULL ciphers are excluded, >> right? >> > Offhand, yes. > P.S: why not make it an option that can be configured and where the >> default 'setting' is "no NULL ciphers" ? >> > Because a very tiny fraction of the users who toggle such an option will know what they are doing. You clearly do, however you may or may not find the performance gains you are hoping for, there are more efficient auth mechanisms such as digest authentication that will not pass passwords in the clear, and there are others such as gssapi that perform the authentication function alone using typical linux semantics. Have you looked at https://github.com/modauthgssapi/mod_auth_gssapi as an alternative for this particular use case?
