Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Martin,
On 4/8/13 8:25 PM, Martin Gainty wrote:
Identification of keys and supported ciphers are an important for
Key Exchange But before that happensThe certificates attributes are
the only means the CA-Authority can verify the the name in the
cert The certificate attributes should contain 1)1 and only 1
Hostname to contact 2)Identification information from a DN in LDAP
or a suitably unique Name Service Server (ADS)allowing verification
of client to a 'Name
Service'http://docs.oracle.com/cd/E19575-01/820-3885/gimog/index.html
Allowing your cert to authenticate to n hosts invites 2n as many
potential DOS attacks Not requiring DN would negate the
CA-Authority ability to verify DN CN == SSL-Host. Think of online
banking and clients need to circumvent forged sites as 'The
official bank site' to send your money If you are FE with Apache
you will want to configure in mod-sslhttp://www.modssl.org/
Yes, you definitely want to make sure to download and install mod_ssl
into your your Apache 1.3 install on your Windows NT 3.5 server. All
of your Netscape clients will be able to access full 48-bit export
encryption over a modern HTTP 0.9 connection.
And don't forget to check that your RS-232 dial-up modem can handle the increased
baud-rate necessary for the SSL-encrypted data.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
