|
Thanks to: 
|
WebTen
SSL-Security loophole?
| To: | webten@xxxxxxxxxxxxxxx |
|---|---|
| Subject: | SSL-Security loophole? |
| From: | Mark A Bennett <mark.bennett@xxxxxxxx> |
| Date: | Wed, 24 Jan 2001 23:51:18 +0000 |
|
Dear tenon, I hope that I can be quite clear about my problem and that it is solvable. I have a secure domain, it has a verisign cert etc and works well (fast!) and gives me an encrypted domain. However I find myself in EXACTLY the same situation as before: If you delete all CA's from your browser then log into the domain you are prompted to accept the unknown cert. If you do all is well. However..and this concerns me (and should you all), if you refuse the cert..you are then able to view the site NON-ENCRYPTED. What appears secure is in fact not. If you never fail mode test this you would never know. OK, how do I force the server to REFUSE the connection if not secure-other servers do this as I have tried the above with them. I know that there are apache directives to do this, how do I implement them? Regards Mark. ---- Tenon Intersystems' WebTen Mailing List To unsubscribe: send mail to webten-request@xxxxxxxxx with the subject: unsubscribe Find searchable Mailing List archives at http://listsearch.blueworld.com/webtensearch.lasso |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Logging CGI Arguments?, Ed Pastore |
|---|---|
| Next by Date: | Re: Webmail Issue - Reads No messages when there are messages in the mail server, Stephanie Wright |
| Previous by Thread: | Re: Can't Find Key File, BMcDonald |
| Next by Thread: | Re: SSL-Security loophole?, Stephanie Wright |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| Tenon Home | Products | Order | Contact Us | About Tenon | Register | Tech Support | Resources | Press Room | Mailing Lists |
|
Copyright©2003 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara,
CA 93101. All rights reserved. |