Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-09 Thread Ron Croonenberg
it's an extra layer of security, an imposed requirement On 12/08/2015 04:14 PM, Yann Ylavic wrote: On Tue, Dec 8, 2015 at 8:51 PM, Ron Croonenberg wrote: This is just a bunch of hardware, with connections between its nodes. The whole thing/cluster is not connected to anything 'internet', no

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Yann Ylavic
On Tue, Dec 8, 2015 at 8:51 PM, Ron Croonenberg wrote: > > This is just a bunch of hardware, with connections between its nodes. > The whole thing/cluster is not connected to anything 'internet', not even > LAN. I worry about those connections being secure as much as I worry about > security be

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Eric Covener
On Tue, Dec 8, 2015 at 3:25 PM, Eric Covener wrote: > On Tue, Dec 8, 2015 at 3:05 PM, Ron Croonenberg wrote: >> also, " ... cipher strings are complex and we're protecting people from >> inadvertently .. " .. that is why we have MS-windows and Mac-OS out >> there. Most Linux installations are

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Eric Covener
On Tue, Dec 8, 2015 at 3:05 PM, Ron Croonenberg wrote: > also, " ... cipher strings are complex and we're protecting people from > inadvertently .. " .. that is why we have MS-windows and Mac-OS out > there. Most Linux installations are work horses, mostly run by people that > know what they ar

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Ron Croonenberg
There are a bunch of applications for using http with encrypted authentication without encrypted data. For example, in a 'cloud computing application' (which is somewhat what I am building), you want password protection/checking for checking at a different stage. However if you have to move TBs

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Ron Croonenberg
I think a bunch of people confuse "network" with "world wide web". The thing I am building is an appliance, it uses an internal network and it is not connected to anything 'internet', WAN or 'LAN'. It is storage, sort of a file system, I worry about security of that internal network as much as

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Ron Croonenberg
what if one simply doesn't care if the data is encrypted during transmission? The data I move to an object store, basically files, could already be stored encrypted. Also, hardware encrypters don't have a need for encrypting data again. Encrypting it again is just a waste of A LOT of bandwidth

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Eric Covener
On Tue, Dec 8, 2015 at 2:19 PM, Eric Covener wrote: > On Tue, Dec 8, 2015 at 11:41 AM, Ron Croonenberg wrote: >> P.S: why not make it an option that can be configured and where the default >> 'setting' is "no NULL ciphers" ? > > I think the rationale is that the cipher strings are complex and we'

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Eric Covener
On Tue, Dec 8, 2015 at 11:41 AM, Ron Croonenberg wrote: > P.S: why not make it an option that can be configured and where the default > 'setting' is "no NULL ciphers" ? I think the rationale is that the cipher strings are complex and we're protecting people from inadvertently enabling null and ex

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Jacob Champion
On 12/07/2015 09:54 PM, William A Rowe Jr wrote: On Dec 7, 2015 11:36 PM, "Marat Khalili" <m...@rqc.ru> wrote: >> >> Everything *after* that handshake, in cleartext, is open for inspection or for manipulation > > Are you sure about the manipulation part? Why do you think encryption hel

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Marat Khalili
Can't you just use stunnel for the TLS part? According to some information on the net it can be configured to use null cipher without recompilation. IMO it should be compatible with 'normal' HTTPS, save for things like virtualhost name extension. If HTTPS compatibility matters to you at all, bec

RE: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread IdealGourmet
This is an error email!! Don't send more email here!! From: William A Rowe Jr [mailto:wr...@rowe-clan.net] Sent: Tuesday, 8 December 2015 18:36 To: users@httpd.apache.org Subject: Re: [users@httpd] explicitly including other ciphers for use with https On Tue, Dec 8, 2015 at 10

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread William A Rowe Jr
On Tue, Dec 8, 2015 at 10:45 AM, Ron Croonenberg wrote: > I forgot, is there a "standard way" to create an rpm so I can install the > binaries somewhere? > Well, all the major linux distributions have their own forks, their own 'one right way' to package rpm/deb/etc, but have a look in the buil

RE: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread IdealGourmet
You make an error, don't send more email here please -Original Message- From: Ron Croonenberg [mailto:r...@lanl.gov] Sent: Tuesday, 8 December 2015 17:46 To: users@httpd.apache.org Subject: Re: [users@httpd] explicitly including other ciphers for use with https I forgot, is

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Ron Croonenberg
I forgot, is there a "standard way" to create an rpm so I can install the binaries somewhere? thanks, Ron On 12/08/2015 09:41 AM, Ron Croonenberg wrote: so in the source tree: modules/ssl in: ssl_engine_config.c I see two lines: arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NU

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Ron Croonenberg
so in the source tree: modules/ssl in: ssl_engine_config.c I see two lines: arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL); and tossed eNULL out in: ssl_engine_init.c I see a line: apr_pstrcat(ptemp, "!aNULL:!eNULL:!EXP:", SSL_DEFAULT_CIPHER_LIST, these 3 locations are the on

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Ron Croonenberg
It should be straightforward to patch mod_ssl to accept null ciphers, for such an unusual use case, but it isn't something we would likely accept in the ASF distribution for the reasons I outlined. that would be fine, this is a cluster that needs to move a lot of data internally in a very short am

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Ron Croonenberg
consider it an appliance, there are no users on this IB-fabric/network just machines with no users/logins that communicate with each other. I am looking for speed at this point, safety is not a concern, I can solve that otherwise later. Besides, I am trying to have a discussion about if some

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Ron Croonenberg
Ok, I want to use encrypted authentication BUT do not want to use any encryption of the data at all. I do have 100% control over all of the IB fabric (and it is not in 'user space', consider it an appliance' this will be running on. I am not interested in something secure at this point, I a

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread Marat Khalili
what gives you the suggestion that the user agent or the httpd server would notice any modification of plaintext bytes in transit through a router or other network intermediate? Isn't this what authentication is for? -- With Best Regards, Marat Khalili On 08/12/15 08:54, William A Rowe Jr wrote:

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread William A Rowe Jr
On Dec 7, 2015 11:36 PM, "Marat Khalili" wrote: >> >> Everything *after* that handshake, in cleartext, is open for inspection or for manipulation > > Are you sure about the manipulation part? Why do you think encryption helps here then? To turn the question around, what gives you the suggestion t

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread Marat Khalili
Everything *after* that handshake, in cleartext, is open for inspection or for manipulation Are you sure about the manipulation part? Why do you think encryption helps here then? -- With Best Regards, Marat Khalili On 08/12/15 05:30, William A Rowe Jr wrote: On Mon, Dec 7, 2015 at 7:40 PM, J

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread William A Rowe Jr
On Mon, Dec 7, 2015 at 7:40 PM, Jacob Champion wrote: > On 12/07/2015 05:06 PM, William A Rowe Jr wrote: > >> On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg > > wrote: >> >> Hello, >> >> I am building a storage system, using HTTP/HTTPS for ingesting data. >> >> I

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread Jacob Champion
On 12/07/2015 05:06 PM, William A Rowe Jr wrote: On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg <r...@lanl.gov> wrote: Hello, I am building a storage system, using HTTP/HTTPS for ingesting data. I would like to use the authentication over HTTPS, while after that I want n

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread William A Rowe Jr
On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg wrote: > Hello, > > I am building a storage system, using HTTP/HTTPS for ingesting data. > > I would like to use the authentication over HTTPS, while after that I want > no encryption on the data because of performance. > Then you probably don't unde

[users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread Ron Croonenberg
Hello, I am building a storage system, using HTTP/HTTPS for ingesting data. I would like to use the authentication over HTTPS, while after that I want no encryption on the data because of performance. I think using null ciphers, like eNULL would work, but how do I change the configurations is