[openssl-users] explicitly including other ciphers.

Michael Wojcik Michael.Wojcik at microfocus.com
Fri Dec 4 02:03:28 UTC 2015

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Ron Croonenberg
> Sent: Thursday, December 03, 2015 18:35
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] explicitly including other ciphers.
> The network is isolated from the outside worl,   BUT  we still need
> authentication because different users are using it.
> So what I preferably want is sort of a set up where,
> authentication is done the "standard way" and after that just use the
> https connection without the overhead of actually encrypting anything.
> (and the lesss modifications and recompiling the better)

So rather than connecting directly to Apache, how about connecting to a TLS proxy like stunnel, which would then connect to Apache over vanilla HTTP. Configure Apache to only bind to loopback addresses (127/8 and/or ::1), so no one can bypass the proxy.

That's assuming stunnel doesn't also play silly buggers with the cipher suite list.

Michael Wojcik
Technology Specialist, Micro Focus

More information about the openssl-users mailing list