Diffstat (limited to 'usr.sbin/httpd/README.SSL')
-rw-r--r-- | usr.sbin/httpd/README.SSL | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/usr.sbin/httpd/README.SSL b/usr.sbin/httpd/README.SSL new file mode 100644 index 00000000000..8b0f6d16cf7 --- /dev/null +++ b/usr.sbin/httpd/README.SSL 
@@ -0,0 +1,145 @@ + _ _ + _ __ ___ ___ __| | ___ ___| | + | '_ ` _ \ / _ \ / _` | / __/ __| | + | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to SSLeay + |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.engelschall.com/sw/mod_ssl/ + |_____| + _____________________________________________________________________________ + + ``All the good things you want + to do in your life have to be + started in the next few hours, + days or weeks.'' + -- Tom DeMarco + + ``The best SSL solution for + Apache money can't buy.'' + OVERVIEW + + Description + ___________ + + This Apache module provides strong cryptography for the Apache 1.3 webserver + via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS + v1) protocols by the help of the SSL/TLS implementation library SSLeay from + Eric A. Young and Tim J. Hudson. + + The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was + originally derived from software developed by Ben Laurie for use in the + Apache-SSL HTTP server project. Additionally it uses a tool developed by + Larry Wall and David MacKenzie for use in the GNU project of the FSF. 
+ + Features + ________ + + The mod_ssl package provides the following features: + + o Open-Source software (BSD-style license) + o Useable for both commercial and non-commercial use + o Available for both Unix and Win32 platforms + o 128-bit strong cryptography world-wide + o Support for SSLv2, SSLv3 and TLSv1 protocols + o Clean reviewable ANSI C source code + o Clean Apache module architecture + o Integrates seamlessly into Apache through an Extended API (EAPI) + o Full Dynamic Shared Object (DSO) support + o Support for the SSLeay+RSAref US-situation + o Advanced pass-phrase handling for private keys + o X.509 certificate based authentication for both client and server + o Support for per-URL renegotiation of SSL handshake parameters + o Support for explicit seeding of the PRNG from external sources + o Additional boolean-expression based access control facility + o Backward compatibility to other Apache SSL solutions + o Inter-process SSL session cache + o Powerful dedicated SSL engine logging facility + o Simple and robust application to Apache source trees + o Fully integrated into the Apache 1.3 configuration mechanism + o Additional integration into the Apache Autoconf-style Interface (APACI) + o Assistance in X.509 v3 certificate generation + + Disclaimer + __________ + + But the price you have to pay for getting a free SSL implementation for + Apache is the following: + + THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY EXPRESSED + OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN + NO EVENT SHALL RALF S. 
ENGELSCHALL OR THEIR CONTRIBUTORS BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + Restrictions + ____________ + + Additionally you have to accept the following restriction: + + Please REMEMBER that export/import and/or use of cryptography software or + even just providing cryptography hooks is illegal in some parts of the + world. When you re-distribute this package or even email + patches/suggestions to the authors or other people PLEASE PAY CLOSE + ATTENTION TO ANY APPLICABLE EXPORT/IMPORT LAWS. The author of mod_ssl is not + liable for any violations you make here. So be carefully yourself. + + Security Concerns + _________________ + + You should be very sensible when using cryptography software, because just + running an SSL server _DOES NOT_ mean your system is then secure! This is + for a number of reasons. The following questions illustrate some of the + problems. + + o SSL itself may not be secure. People think it is, do you? + o Does this code implement SSL correctly? + o Have the authors of the various components put in back doors? + o Does the code take appropriate measures to keep private keys private? + To what extent is your cooperation in this process required? + o Is your system physically secure? + o Is your system appropriately secured from intrusion over the network? + o Whom do you trust? Do you understand the trust relationship involved + in SSL certificates? Do your system administrators? + o Are your keys, and keys you trust, generated careful enough to + avoid reverse engineering of the private keys? 
+ o How do you obtain certificates, keys, and the like, securely? + o Can you trust your users to safeguard their private keys? + o Can you trust your browser to safeguard its generated private key? + + If you can't answer these questions to your personal satisfaction, then you + usually have a problem. Even if you can, you may still _NOT_ be secure. + Don't blame the authors if it all goes horribly wrong. Use it at your own + risk! + + Installation + ____________ + + For installing mod_ssl under Unix please read the document INSTALL, + for installing under Win32 read the document INSTALL.Win32. + + Compatibility + _____________ + + This module was developed and tested with Communicator 4.05, Lynx and cURL + under FreeBSD 2.2.6 as the clients only. But it should work with other + Navigator/Communicator variants, too. Even Internet Explorer users should be + able to use this software. + + Resources + _________ + + For a large list of resources visit the location + http://www.engelschall.com/sw/mod_ssl/related/ + There you can find a lot of hyperlinks to all SSL-related things. + + Credits + _______ + + Special thanks to The Apache Group and the NCSA for Apache, to Eric A. Young + and Tim J. Hudson for SSLeay and to Ben Laurie for the original Apache-SSL + on which mod_ssl is based. Without the effort of these people mod_ssl would + not be possible. + |
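Review bot: The Installation section of the new file points readers to "the document INSTALL" and "INSTALL.Win32", but the diffstat shown is limited to usr.sbin/httpd/README.SSL, so it is not visible whether those two files are added beside it. If they are not, either import them with this file or add a line saying where the in-tree build instructions live, so the reference does not dangle. The Features list advertises Win32, DSO and APACI support, and the Compatibility section names only Communicator 4.05, Lynx and cURL under FreeBSD 2.2.6 as tested clients. If this text is carried over from the mod_ssl distribution, a short local note saying so, and which of those claims hold for this tree, would keep it from being read as a description of the in-tree httpd. The Security Concerns list is worth keeping prominent as is. The wording slips in the added text ("So be carefully yourself", "generated careful enough") are better reported to the mod_ssl author than fixed locally if the file is meant to track the distributed copy.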