Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 May 2005 08:54:54 -0700 (PDT)
From:      Joe Schmoe <non_secure@yahoo.com>
To:        freebsd-security@freebsd.org
Subject:   different ways to disable https in apache...
Message-ID:  <20050513155454.63841.qmail@web53302.mail.yahoo.com>

next in thread | raw e-mail | index | archive | help
Hello,

I built apache+openssl+mod_ssl.  It is working fine,
and I have been starting the server with:

apachectl startssl

Recently, however, I have decided that I will not be
doing anything over https (for a while, at least) with
this web server, so for security reasons, I want to
only run on port 80.

So now I start the server with:

apachectl start

And it runs without SSL.  My question is, is starting
the SSl enabled apache like this, and running it
without SSL exactly the same security-wise as running
a copy of apache without SSL at all ?  That is, SSL
libraries, etc., can have vulnerabilities in them, and
am I still vulnerable to those problems even if I am
running only on port 80 ?

What kinds of attacks might I _not_ be insulating
myself against by simply not running SSL, vs.
reinstalling without it ?

thanks,


		
__________________________________ 
Yahoo! Mail Mobile 
Take Yahoo! Mail with you! Check email on your mobile phone. 
http://mobile.yahoo.com/learn/mail 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050513155454.63841.qmail>