different ways to disable https in apache...

• Previous message: Poul-Henning Kamp: "Re: FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]"
• Next in thread: Drew B. [Security Expertise/Freelance Security research].: "Re: different ways to disable https in apache..."
• Reply: Drew B. [Security Expertise/Freelance Security research].: "Re: different ways to disable https in apache..."
• Reply: Jason Stone: "Re: different ways to disable https in apache..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 13 May 2005 08:54:54 -0700 (PDT)
To: freebsd-security@freebsd.org

Hello,

I built apache+openssl+mod_ssl. It is working fine,
and I have been starting the server with:

apachectl startssl

Recently, however, I have decided that I will not be
doing anything over https (for a while, at least) with
this web server, so for security reasons, I want to
only run on port 80.

So now I start the server with:

apachectl start

And it runs without SSL. My question is, is starting
the SSl enabled apache like this, and running it
without SSL exactly the same security-wise as running
a copy of apache without SSL at all ? That is, SSL
libraries, etc., can have vulnerabilities in them, and
am I still vulnerable to those problems even if I am
running only on port 80 ?

What kinds of attacks might I _not_ be insulating
myself against by simply not running SSL, vs.
reinstalling without it ?

thanks,

                
__________________________________
Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
http://mobile.yahoo.com/learn/mail
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Poul-Henning Kamp: "Re: FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]"
• Next in thread: Drew B. [Security Expertise/Freelance Security research].: "Re: different ways to disable https in apache..."
• Reply: Drew B. [Security Expertise/Freelance Security research].: "Re: different ways to disable https in apache..."
• Reply: Jason Stone: "Re: different ways to disable https in apache..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Apache ssl startup ... After boot doing apachectl stop and apachectl startssl starts the ... server in ssl mode. ... I also found that, once I started apache with ssl, I couldn't also run it without ssl. ... Since it was a production server and I was in no mode to troubleshoot, I reverted to apache13 w/ mod_ssl, which works just fine for me. ... (freebsd-questions) Apache 2.0.61 and SSL start ... I portupgraded my apache 2.0.59 to 61 today with no errors, but on restart, SSL wasn't loaded. ... /usr/local/etc/rc.d/apache2 start starts the server (I have ... apachectl -k start -DSSL prompts me for my sslcert passphrase, and, after I enter it, allows https access on port 443. ... (freebsd-questions) Most users cant connect to our SSL-- help! ... I've included all relevant SSL settings from our ... Subject: Large percentage of customers cannot connect to https: ... server, which then grinds indefinitely. ... "2) Your secure order form is not working. ... (comp.security.misc) Most users cant connect to our SSL-- help! ... I've included all relevant SSL settings from our ... Subject: Large percentage of customers cannot connect to https: ... server, which then grinds indefinitely. ... "2) Your secure order form is not working. ... (comp.security.ssh) Most users cant connect to our SSL-- help! ... I've included all relevant SSL settings from our ... Subject: Large percentage of customers cannot connect to https: ... server, which then grinds indefinitely. ... "2) Your secure order form is not working. ... (comp.security.unix)