[users@httpd] Re: Best way to install openssl and apache 2.4.18 for ssl

2016-07-16 Thread Kory Wheatley
Does anyone have thought about this install. I will be creating a self signed certificate for testing On Wed, Jul 13, 2016 at 7:28 AM, Kory Wheatley wrote: > Steps I have for installing Apache with openssl. Please let me know if > there's issues. I will be using a secure server for setup > >

Re: [users@httpd] HTTPD asking for password after power failure

2016-07-16 Thread Frank Gingras
Try to use apachectl restart instead to bypass your init scripts. The latter are likely to hide actual errors that would appear on STDERR. If apachectl restart still gives you that error, perhaps your distro mangled it as well. Then, I would use strace with httpd -X to get the complete picture. O

Re: [users@httpd] Help disabling weak ciphers.

2016-07-16 Thread Spork Schivago
I think I figured it out. I think I just had to scroll down a bit in Qualy's SSL Lab. I see a list of browsers and with TLSv1.0 and TLSv1.1 disabled, I now see: Server sent fatal alert: protocol_version I believe they're the ones that don't support the protocols that I've disabled. I think I'

Re: [users@httpd] Help disabling weak ciphers.

2016-07-16 Thread Spork Schivago
I made the required changes but don't get the A+ rating, still A. Forward Secrecy is enabled, which is good. I don't actually see scores for the bar graph but I do see certain ones don't go to the 100%. One was the Protocol Support. However, if I disable TLSv1 and TLSv1.1, then Protocol Sup

Re: [users@httpd] Help disabling weak ciphers.

2016-07-16 Thread Spork Schivago
Wow, thank you Dr. James Smith! I am going to try your cipher list and see if I can get the A+ rating. That's exactly what I'm after. Are there any other drawbacks besides losing support for Java 6 and IE 6 clients? I originally started writing my website to be IE 6 compatible but after lea

Re: [users@httpd] mod_proxy nofailover parameter.

2016-07-16 Thread dE
I'll come back to this later. On 07/15/16 22:25, Daniel wrote: Failover is what you described, nofailover is for the opposite El 15 jul. 2016 3:27 p. m., "dE" > escribió: Hi, What I understand of nofailover is that in case a client is fetching fr

[users@httpd] HTTPD asking for password after power failure

2016-07-16 Thread Nicholas Williams
I have a server running OpenSUSE 42.1 with stock Apache HTTPD 2 installed from the package manager. It has been running without issue for well over a year. We've restarted the service and the server since then without issue. The service always starts on its own when the server boots. Last nig