Freeware (IRIX) » Product Release Notes / Information
find in page
mod_ssl-2.8.12-1.3.27: description + notes
This module provides strong cryptography for the
Apache 1.3 webserver via the
Secure Sockets Layer
(SSL v2/v3) and Transport
Layer Security (TLS v1) protocols by the help of the
Open Source SSL/TLS toolkit
You should be very sensible when using cryptography software, because
just running an SSL server DOES NOT mean your system is then
secure! This is for a number of reasons. The following questions
illustrate some of the problems.
- SSL itself may not be secure. People think it is, do you?
- Does this code implement SSL correctly?
- Have the authors of the various components put in back doors?
- Does the code take appropriate measures to keep private keys private?
To what extent is your cooperation in this process required?
- Is your system physically secure?
- Is your system appropriately secured from intrusion over the network?
- Who do you trust? Do you understand the trust relationship involved
in SSL certificates? Do your system administrators?
- Are your keys, and keys you trust, generated careful enough to
avoid reverse engineering of the private keys?
- How do you obtain certificates, keys, and the like, securely?
- Can you trust your users to safeguard their private keys?
- Can you trust your browser to safeguard its generated private key?
If you can't answer these questions to your personal satisfaction, then you
usually have a problem. Even if you can, you may still NOT be secure.
Don't blame us if it all goes horribly wrong. Use it at your own risk!
See the mod_ssl home page for
- You must generate your own certificates before using
this secure server. A set of self-signed test "Snake Oil"
certificates are included for testing purposes only. The
/var/sgi_apache/mod_ssl/mkcert.sh script can help
you create your own certificates: invoke it with
- For each server that you want to support SSL connections edit
the /etc/config/sgi_apache.options.httpd-server file
to contain the word "startssl".
- Please read the Apache SSL/TLS Encryption FAQ, particularly
the item on entropy. There is presently no /dev/random
on IRIX, and the mod_ssl builtin PRNG seed usually does
not suffice. Alternatives such as the Entropy Gathering
Daemon or the truerand
program appear to work well.
- If you have customized your
apachectl files this package may not be able
to apply the necessary changes for SSL support automatically.
If this happens you will get error messages from inst
exitops that failed. Apply the
rejected patches manually. To avoid spurious failures the
patches will not be applied if ".pre-ssl" files are
Note: this package extends the
sgi_apache 1.3.27 web server
first shipped in IRIX 6.5.19. Please see
if you are running an older version of
fw_apache web server has a non-default
subsystem that contains its support for
To install this package, go to the SGI Freeware site.
what's new |