
Apache HTTP Server; SSL from End-to-End

William A Rowe Jr (Pivotal)
Security
D136
Slides:   1-ODP 

The days of enabling https:// by deploying the stock example httpd.conf are long gone, and most of the articles published on the web are badly out of date. Any suggestion of ‘openssl genrsa 1024’ (a 1024-bit RSA key, too short to be trusted for years now) is an immediate clue that the guidance has corroded.

Smart organizations and businesses have changed their cipher suites,
added ECC keys alongside stronger RSA keys, and now default to
forward-secret (ECDHE) key exchange. They have shifted from server-side
SSL session caches to session tickets; note that tickets preserve
forward secrecy only as long as the ticket key itself is rotated, since
a long-lived ticket key can unwrap every session it protected. They are
rolling out OCSP stapling to spare clients the CA lookup delay, and are
on the verge of adopting name-based TLS virtual hosting (SNI) as the
last of the antique browser clients disappear from (or become ignored
on) the internet.

This talk discusses all of the above features and illustrates
deployment considerations, including a hands-on demonstration. It
further presents smart configuration of reverse proxy connections and
looks at forward proxy mechanics, preserving the end-to-end goal of
perfect forward secrecy rather than terminating it at the edge.
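The configuration the abstract describes, written out as an added example; it is not from the talk, its slides or the httpd project. The stock recipe the talk warns against is left in as comments beside a hardened mod_ssl setup: ECDHE-only cipher suites, paired ECC and RSA certificates, session tickets with a rotated key file, OCSP stapling, SNI-routed virtual hosts, and a reverse proxy that re-encrypts to the backend and verifies its certificate. Hostnames, file paths and the backend address are placeholders; the directives assume httpd 2.4.11 or later (SSLSessionTickets) with mod_ssl, mod_socache_shmcb, mod_proxy and mod_proxy_http loaded.

```apache
# BEFORE (the corroded recipe): key made with 'openssl genrsa 1024',
# protocol and cipher defaults left alone. Kept here as comments only.
#   <VirtualHost _default_:443>
#       SSLEngine on
#       SSLProtocol all                          # still admits SSLv3
#       SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5   # static RSA key exchange, no forward secrecy
#       SSLCertificateFile    conf/ssl/server.crt
#       SSLCertificateKeyFile conf/ssl/server.key  # 1024-bit RSA
#       SSLSessionCache shmcb:logs/ssl_scache(512000)  # master secrets kept on the server
#   </VirtualHost>

# AFTER: global (server config) scope. Protocol and cipher policy belong here, not
# per vhost, because the protocol is settled before the SNI name is known.
Listen 443
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1       # TLS 1.3 is admitted automatically on builds that have it
SSLCipherSuite ECDHE+AESGCM:!aNULL:!eNULL:!MD5   # forward-secret key exchange only
SSLHonorCipherOrder on                       # server, not client, picks from that list

# Session resumption via tickets instead of a server-side cache.
SSLSessionCache none
SSLSessionTickets on
# 48 random bytes, e.g.:  openssl rand -out conf/ssl/ticket.key 48
# Rotate it on a schedule (graceful restart to pick it up); an unrotated ticket key
# can unwrap every session it ever protected, undoing forward secrecy. Share the same
# file across a cluster so a ticket issued by one node resumes on another.
SSLSessionTicketKeyFile conf/ssl/ticket.key

# OCSP stapling cache must live outside any <VirtualHost>.
SSLStaplingCache shmcb:logs/ssl_stapling(32768)

# First *:443 host is the default for this IP/port; refuse clients that send no SNI
# name rather than silently handing them this certificate.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLStrictSNIVHostCheck on

    # Two certificate/key pairs (httpd 2.4.8+); mod_ssl serves whichever the client
    # can negotiate. Each .crt carries its own intermediate chain. Keys made with:
    #   openssl ecparam -name prime256v1 -genkey -noout -out conf/ssl/www-ecc.key
    #   openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -out conf/ssl/www-rsa.key
    SSLCertificateFile    conf/ssl/www-ecc.crt
    SSLCertificateKeyFile conf/ssl/www-ecc.key
    SSLCertificateFile    conf/ssl/www-rsa.crt
    SSLCertificateKeyFile conf/ssl/www-rsa.key

    # httpd fetches the OCSP response itself; clients never wait on the CA.
    SSLUseStapling on
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off

    # Reverse proxy: re-encrypt to the backend under the same policy and verify the
    # backend's chain and hostname, so forward secrecy holds end-to-end.
    SSLProxyEngine on
    SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLProxyCipherSuite ECDHE+AESGCM:!aNULL:!eNULL:!MD5
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    SSLProxyCACertificateFile conf/ssl/backend-ca.pem   # private CA that signed the backend cert
    SSLProxyCheckPeerName on
    ProxyPass        /app/ https://app-backend.internal:8443/
    ProxyPassReverse /app/ https://app-backend.internal:8443/
</VirtualHost>

# Second name-based host on the same IP/port, selected by the SNI name.
<VirtualHost *:443>
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile    conf/ssl/shop-ecc.crt
    SSLCertificateKeyFile conf/ssl/shop-ecc.key
    SSLUseStapling on
</VirtualHost>
```

Check it with `apachectl configtest`, then `openssl s_client -connect www.example.com:443 -servername www.example.com -status </dev/null`: the output should show an ECDHE cipher negotiated, an "OCSP Response Status: successful" block from the staple, and a session ticket; repeating the command with `-servername shop.example.com` should return the shop certificate, and omitting `-servername` should be refused by the strict SNI check.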

William A Rowe Jr

Pivotal

William is a member of the Application Products engineering team at Pivotal, where he has developed and maintained Apache Web Server based products since the turn of the century. He is an active committer to several Apache Software Foundation projects and serves on the ASF security response team. Over the past dozen years, William has contributed to the Apache Software Foundation, initially as a contributor to the Apache HTTP Server and APR projects; he has served as Project Chair of both, mentored a number of projects new to the Foundation, participated in the convention committee for the Foundation, and served as a Director of the Foundation. He is sometimes teased as the Unix developer who happens to work on Windows, and was largely responsible for stabilizing httpd on Windows and ensuring Windows was a first-class supported platform of the APR library.