[openssl-users] explicitly including other ciphers.

Jakob Bohm jb-openssl at wisemo.com
Fri Dec 4 02:10:40 UTC 2015

On 04/12/2015 03:03, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>> Of Ron Croonenberg
>> Sent: Thursday, December 03, 2015 18:35
>> To: openssl-users at openssl.org
>> Subject: Re: [openssl-users] explicitly including other ciphers.
>> The network is isolated from the outside world, BUT we still need
>> authentication because different users are using it.
>> So what I preferably want is sort of a set up where,
>> authentication is done the "standard way" and after that just use the
>> https connection without the overhead of actually encrypting anything.
>> (and the less modifications and recompiling the better)
> So rather than connecting directly to Apache, how about connecting to a TLS proxy like stunnel, which would then connect to Apache over vanilla HTTP. Configure Apache to only bind to loopback addresses (127/8 and/or ::1), so no one can bypass the proxy.
> That's assuming stunnel doesn't also play silly buggers with the cipher suite list.
Wouldn't that extra hop via stunnel cost performance
(noting that Ron is apparently running at faster than
gigabit speed)?
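
The loopback-only binding suggested in the quoted reply can be checked from the listening-socket table. The script below is an added example, not part of the original thread: it reads `ss -ltn` style lines and reports any listener on the backend port that is reachable without going through the proxy. The port numbers (80 for the plain-HTTP backend, 443 for the TLS proxy) and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Print every non-loopback local address listening on PORT.
# Input on stdin: output of `ss -ltn` (column 4 is Local Address:Port).
nonloopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4
            n = split(la, parts, ":")          # port is the text after the last colon
            if (parts[n] != port) next
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)              # drop an interface suffix such as %lo
            # 127/8, ::1 and IPv4-mapped 127/8 are only reachable locally
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print addr
        }'
}

# Exit status 0 when the backend port is bound to loopback addresses only.
backend_is_private() {
    [ -z "$(nonloopback_listeners "$1")" ]
}

# Constructed sample: backend on loopback only, proxy on all interfaces.
sample_good() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511        127.0.0.1:80        0.0.0.0:*
LISTEN 0      511            [::1]:80           [::]:*
LISTEN 0      128          0.0.0.0:443       0.0.0.0:*
EOF
}

# Constructed sample: backend also bound to all interfaces, so the proxy can be bypassed.
sample_bad() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128          0.0.0.0:443       0.0.0.0:*
EOF
}

# Demo on the constructed data; on a live host use: ss -ltn | nonloopback_listeners 80
sample_bad | nonloopback_listeners 80
```
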


