
[Bug 66016] The passphrase for TLS private key password encryption is stored in plaintext
https://bz.apache.org/bugzilla/show_bug.cgi?id=66016

Joe Orton <jorton@redhat.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED

--- Comment #1 from Joe Orton <jorton@redhat.com> ---
I'm not sure what "password encryption is stored in plaintext" means.

With mod_ssl you can do any of:

a) use a plaintext-on-disk key file
b) use an encrypted-on-disk key file which is unencrypted in memory using a
passphrase supplied at startup
c) use a PKCS#11 module which encapsulates the key (e.g. in hardware)

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 66016] The passphrase for TLS private key password encryption is stored in plaintext
https://bz.apache.org/bugzilla/show_bug.cgi?id=66016

--- Comment #2 from SkyFly222 <510584901@qq.com> ---
(In reply to Joe Orton from comment #1)
> I'm not sure what "password encryption is stored in plaintext" means.
>
> With mod_ssl you can do any of:
>
> a) use a plaintext-on-disk key file
> b) use an encrypted-on-disk key file which is unencrypted in memory using a
> passphrase supplied at startup
> c) use a PKCS#11 module which encapsulates the key (e.g. in hardware)

https://cwiki.apache.org/confluence/display/HTTPD/SettingUpModSSL
<IfModule mod_ssl.c>
    SSLEngine on
    SSLProtocol TLSv1.2
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DHE
    SSLCertificateFile /etc/server.crt
    SSLCertificateKeyFile /etc/server.key
    SSLVerifyDepth 10
    SSLOptions +StdEnvVars
</IfModule>

When Apache starts, /etc/server.key is plaintext.

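As an added example that is not part of the bug thread or of mod_ssl itself: a small Python audit that pulls the SSLCertificateKeyFile paths out of a configuration like the one in comment #2 and reports whether each key is plaintext on disk (Joe Orton's option a) or encrypted on disk (option b), and whether SSLPassPhraseDialog is set so an encrypted key can be unlocked at startup. The config text and PEM contents are constructed sample data, and read_file is a hypothetical hook so the audit runs without touching /etc.

```python
import re

KEYFILE_RE = re.compile(r"^\s*SSLCertificateKeyFile\s+(\S+)", re.IGNORECASE)
DIALOG_RE = re.compile(r"^\s*SSLPassPhraseDialog\s+(\S+)", re.IGNORECASE)


def classify_pem_key(pem_text):
    """Return 'encrypted', 'plaintext' or 'unknown' for a PEM private key."""
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text:
        return "encrypted"  # PKCS#8 encrypted container
    if "-----BEGIN " in pem_text and "PRIVATE KEY-----" in pem_text:
        # Traditional PEM (RSA/EC PRIVATE KEY) signals encryption in headers
        if "Proc-Type: 4,ENCRYPTED" in pem_text:
            return "encrypted"
        return "plaintext"
    return "unknown"


def audit_config(config_text, read_file):
    """Map each SSLCertificateKeyFile path to its on-disk protection state.

    read_file(path) -> str is a hypothetical hook: pass lambda p: open(p).read()
    to audit real files, or a dict lookup for sample data."""
    dialog = None
    keys = {}
    for line in config_text.splitlines():
        m = DIALOG_RE.match(line)
        if m:
            dialog = m.group(1)
        m = KEYFILE_RE.match(line)
        if m:
            path = m.group(1)
            try:
                keys[path] = classify_pem_key(read_file(path))
            except (OSError, KeyError):
                keys[path] = "missing"
    return {"passphrase_dialog": dialog, "keys": keys}


# Constructed sample data: the plaintext key path from comment #2 beside an
# encrypted one, and a config that references both but sets no dialog.
SAMPLE_FILES = {
    "/etc/server.key": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n"
                       "-----END RSA PRIVATE KEY-----\n",
    "/etc/server-enc.key": "-----BEGIN RSA PRIVATE KEY-----\n"
                           "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"
                           "MIIE...\n-----END RSA PRIVATE KEY-----\n",
}
SAMPLE_CONFIG = ("<IfModule mod_ssl.c>\nSSLEngine on\n"
                 "SSLCertificateKeyFile /etc/server.key\n"
                 "SSLCertificateKeyFile /etc/server-enc.key\n</IfModule>\n")


def demo():
    return audit_config(SAMPLE_CONFIG, lambda p: SAMPLE_FILES[p])
```

A key reported as "plaintext" is the situation comment #2 describes; one reported as "encrypted" with passphrase_dialog still None will fail to load unless a passphrase is supplied at startup.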