Date: Fri, 13 May 2005 08:54:54 -0700 (PDT) From: Joe Schmoe <non_secure@yahoo.com> To: freebsd-security@freebsd.org Subject: different ways to disable https in apache... Message-ID: <20050513155454.63841.qmail@web53302.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
Hello, I built apache+openssl+mod_ssl. It is working fine, and I have been starting the server with: apachectl startssl Recently, however, I have decided that I will not be doing anything over https (for a while, at least) with this web server, so for security reasons, I want to only run on port 80. So now I start the server with: apachectl start And it runs without SSL. My question is, is starting the SSl enabled apache like this, and running it without SSL exactly the same security-wise as running a copy of apache without SSL at all ? That is, SSL libraries, etc., can have vulnerabilities in them, and am I still vulnerable to those problems even if I am running only on port 80 ? What kinds of attacks might I _not_ be insulating myself against by simply not running SSL, vs. reinstalling without it ? thanks, __________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050513155454.63841.qmail>