different ways to disable https in apache...
Joe Schmoe
non_secure at yahoo.com
Fri May 13 08:54:55 PDT 2005
Hello,
I built apache+openssl+mod_ssl. It is working fine,
and I have been starting the server with:
apachectl startssl
Recently, however, I have decided that I will not be
doing anything over https (for a while, at least) with
this web server, so for security reasons, I want to
only run on port 80.
So now I start the server with:
apachectl start
And it runs without SSL. My question is, is starting
the SSl enabled apache like this, and running it
without SSL exactly the same security-wise as running
a copy of apache without SSL at all ? That is, SSL
libraries, etc., can have vulnerabilities in them, and
am I still vulnerable to those problems even if I am
running only on port 80 ?
What kinds of attacks might I _not_ be insulating
myself against by simply not running SSL, vs.
reinstalling without it ?
thanks,
__________________________________
Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
http://mobile.yahoo.com/learn/mail
More information about the freebsd-security
mailing list