</strong>
[<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#wassenaar"><b>L</b></a>]
<p>
- First, let us explain what <i>Wassenaar</i> and it's <i>Arrangement on
+ First, let us explain what <i>Wassenaar</i> and its <i>Arrangement on
Export Controls for Conventional Arms and Dual-Use Goods and
Technologies</i> is: This is a international regime, established 1995, to
control trade in conventional arms and dual-use goods and technology. It
<code><b>$ telnet localhost 80</b></code><br>
<code><b>GET / HTTP/1.0</b></code>
<p>
- for simple testing the HTTP protocol of Apache, it's not such easy for
+ for simple testing the HTTP protocol of Apache, it's not so easy for
HTTPS because of the SSL protocol between TCP and HTTP. But with the
help of OpenSSL's <code>s_client</code> command you can do a similar
check even for HTTPS:
<p><!--#include virtual="footer.html" --> </p>
</body>
-</html>
\ No newline at end of file
+</html>
What about mod_ssl and the Wassenaar Arrangement?
</faq>
- First, let us explain what <i>Wassenaar</i> and it's <i>Arrangement on
+ First, let us explain what <i>Wassenaar</i> and its <i>Arrangement on
Export Controls for Conventional Arms and Dual-Use Goods and
Technologies</i> is: This is a international regime, established 1995, to
control trade in conventional arms and dual-use goods and technology. It
<code><b>$ telnet localhost 80</b></code><br>
<code><b>GET / HTTP/1.0</b></code>
<p>
- for simple testing the HTTP protocol of Apache, it's not such easy for
+ for simple testing the HTTP protocol of Apache, it's not so easy for
HTTPS because of the SSL protocol between TCP and HTTP. But with the
help of OpenSSL's <code>s_client</code> command you can do a similar
check even for HTTPS:
way of processing requests. This chapter gives instructions on how to solve
such typical situations. Treat is as a first step to find out the final
solution, but always try to understand the stuff before you use it. Nothing is
-worse than using a security solution without knowing it's restrictions and
+worse than using a security solution without knowing its restrictions and
coherences.
<ul>
In short: The server has a Global ID server certificate, signed by a special
CA certificate from Verisign which enables strong encryption in export
browsers. This works as following: The browser connects with an export cipher,
-the server sends it's Global ID certificate, the browser verifies it and
+the server sends its Global ID certificate, the browser verifies it and
subsequently upgrades the cipher suite before any HTTP communication takes
place. The question now is: How can we allow this upgrade, but enforce strong
encryption. Or in other words: Browser either have to initially connect with
<p><!--#include virtual="footer.html" --> </p>
</body>
-</html>
\ No newline at end of file
+</html>
way of processing requests. This chapter gives instructions on how to solve
such typical situations. Treat is as a first step to find out the final
solution, but always try to understand the stuff before you use it. Nothing is
-worse than using a security solution without knowing it's restrictions and
+worse than using a security solution without knowing its restrictions and
coherences.
</td>
In short: The server has a Global ID server certificate, signed by a special
CA certificate from Verisign which enables strong encryption in export
browsers. This works as following: The browser connects with an export cipher,
-the server sends it's Global ID certificate, the browser verifies it and
+the server sends its Global ID certificate, the browser verifies it and
subsequently upgrades the cipher suite before any HTTP communication takes
place. The question now is: How can we allow this upgrade, but enforce strong
encryption. Or in other words: Browser either have to initially connect with
The following <em>source</em> variants are available:
<ul>
<li><code>builtin</code>
- <p> This is the always available builtin seeding source. It's usage
+ <p> This is the always available builtin seeding source. Its usage
consumes minimum CPU cycles under runtime and hence can be always used
without drawbacks. The source used for seeding the PRNG contains of the
current time, the current process id and (when applicable) a randomly
find under <i>rndcontrol(8)</i> on those platforms. Alternatively, when
your system lacks such a random device, you can use tool
like <a href="http://www.lothar.com/tech/crypto/">EGD</a>
- (Entropy Gathering Daemon) and run it's client program with the
+ (Entropy Gathering Daemon) and run its client program with the
<code>exec:/path/to/program/</code> variant (see below) or use
<code>egd:/path/to/egd-socket</code> (see below).
<p>
This is the Transport Layer Security (TLS) protocol, version 1.0. It is the
successor to SSLv3 and currently (as of February 1999) still under
construction by the Internet Engineering Task Force (IETF). It's still
- not supported by any popular browsers.
+ not supported by all popular browsers.
<p>
<li><code>All</code>
<p>
<ul>
<li><code>builtin</code>
- <p> This is the always available builtin seeding source. It's usage
+ <p> This is the always available builtin seeding source. Its usage
consumes minimum CPU cycles under runtime and hence can be always used
without drawbacks. The source used for seeding the PRNG contains of the
current time, the current process id and (when applicable) a randomly
find under <i>rndcontrol(8)</i> on those platforms. Alternatively, when
your system lacks such a random device, you can use tool
like <a href="http://www.lothar.com/tech/crypto/">EGD</a>
- (Entropy Gathering Daemon) and run it's client program with the
+ (Entropy Gathering Daemon) and run its client program with the
<code>exec:/path/to/program/</code> variant (see below) or use
<code>egd:/path/to/egd-socket</code> (see below).
<p>
This is the Transport Layer Security (TLS) protocol, version 1.0. It is the
successor to SSLv3 and currently (as of February 1999) still under
construction by the Internet Engineering Task Force (IETF). It's still
- not supported by any popular browsers.
+ not supported by all popular browsers.
<p>
<li><code>All</code>
<p>
projects / apache / commitdiff