From owner-freebsd-isp Sun Jul 16 19:27:39 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131]) by hub.freebsd.org (Postfix) with ESMTP id 15F1E37B6AB for ; Sun, 16 Jul 2000 19:27:36 -0700 (PDT) (envelope-from ryan@sasknow.com) Received: from localhost (ryan@localhost) by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id UAA84876; Sun, 16 Jul 2000 20:29:14 -0600 (CST) (envelope-from ryan@sasknow.com) Date: Sun, 16 Jul 2000 20:29:14 -0600 (CST) From: Ryan Thompson To: Gabriel Ambuehl Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Cloaking Apache mod_ssl In-Reply-To: <1713780456.20000716120002@buz.ch> Message-ID: Organization: SaskNow Technologies [www.sasknow.com] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Gabriel Ambuehl wrote to freebsd-isp@FreeBSD.ORG: > Hello, > I'd like to have my Apache sending out bogus information about the > running daemon. I understand that I can alter > define SERVER_BASEVERSION "Apache/1.3.12" > in httpd.h to get it sending other strings about the daemon itself, How about just turning server signatures off altogether? httpd.conf: ServerSignature Off > but how can I get rid of those mod_ssl and OpenSSL statements? Any > inputs would be appreciated. Why would you want to? Exploitability reasons? Most of the time that's a moot point, anyway. If a user has an exploit for web server A, she's probably not even going to look at a server signature. She's just going to try it anyway and see if it works. (And hey, maybe web server B has the same problem) If you're doing it for export reasons (i.e., to slip the legalities under someone's nose), I suspect you won't get much support. Besides, it's the encryption algorithms and keysizes that are protected, not the server signatures ;-) - Ryan -- Ryan Thompson Systems Administrator, Accounts Phone: +1 (306) 664-1161 SaskNow Technologies http://www.sasknow.com #106-380 3120 8th St E Saskatoon, SK S7H 0W2 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message