
Re: [cobalt-security] SSL Insight



On Fri, 2002-08-30 at 05:08, Jeff Lasman wrote:

> > I am a little skeptical about the SSL that comes stock with the RAQ4. I
> > have a few pages within the site that have the need. Does anyone have
> > any good suggestions or important tips on using it properly (other than
> > following the guide's instructions),
> 
> Are you talking about the ssl infrastructure or your cert?
> 
> RaQs use openssl for Apache, and if kept up-to-date (I believe it's
> up-to-date today) it's as secure as it gets.

I'm afraid Cobalt's Apache SSL is out of date as of now.  There has not
been an Apache update since the discovery of the bugs in openssl-0.9.6d.

> If you're talking about your cert, you should NEVER use a self-signed
> cert to secure a publicly-accessible site.  Self-signed certs are fine
> for testing, and for server administration, though with commercial certs
> available as inexpensively as $49 or less, there's no reason to use them
> even for server administration.

That is, if you are planning to use it for business that will bring you
more than $49 annually.  Which is not always the case ;-)

Eugene