ApacheCon North America 2014 has ended
Register Now for ApacheCon North America 2014 - April 7-9 in Denver, CO. Registration fees increase on March 15th, so don’t delay!
Back To Schedule
Tuesday, April 8 • 3:45pm - 4:35pm
Apache httpd SSL; End-to-End

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The days of deploying the default, example httpd.conf to enable mod_ssl are long gone, while most articles published on the web are long out of date.  Any 'openssl genrsa 1024' bit suggestion is a first hint of corroded guidance. Smart organizations and business have changed their cipher suite, added ECC keys and stronger RSA keys to now default to forward secrecy operation.  They have shifted from SSL session caches to session tickets to further attain perfect forward secrecy.  And they are rolling out OCSP stapling services to avoid the CA lookup delays, and are on the verge of adopting TLS virtual hosting as the last of the antique browser clients disappear from (or become ignored on) the internet. This talk discusses all of the above features and illustrates deployment consideration, including a hands-on demonstration.  The talk further presents smart configuration of the reverse proxy connections and looks at forward proxy mechanics in preserving the end-to-end goal of perfect forward secrecy.

avatar for William A Rowe Jr

William A Rowe Jr

Staff Engineer, Pivotal
William is a member of the Application Products engineering team at Pivotal, and has been involved in the Apache HTTP Server effort since the turn of the century. He is a project member and committer to several ASF projects and serves on the ASF security response team. He is sometimes... Read More →

Tuesday April 8, 2014 3:45pm - 4:35pm PDT
Horace Tabor

Attendees (0)