I just upgraded to Movable Type 5, and I'm testing the different comment sign-in possiblities. MT5 supports OpenID, LiveJournal, Vox, TypePad, Google, Yahoo, AIM, Wordpress.com, Yahoo!JAPAN, livedoor, and Hatena. You'll see these choices if you hit the sign in link below.
I have also enabled SSL with a self-signed cert, so if you're shy about signing in to comment via http, just switch it to https by typing the s in your link bar. And no, I have not found a way to globally change signins to SSL in MT 5.
Tuesday, June 8, 2010
Friday, June 4, 2010
How to dial up encryption so high in Apache that it breaks IE and Chrome
So you want to require strong encryption in Apache's httpd 2.0? So strong that Firefox is the only browser that can connect?
In /etc/httpd/conf.d/ssl.conf, edit the two lines as below:
SSLProtocol TLSv1
SSLCipherSuite HIGH
Then go to
/etc/httpd/conf/httpd.conf and edit your
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 256
Then
apachectl configtest
to check for typos.
Finally
/etc/rc.d/init.d/httpd restart
What this does is make browsers do
TLSv1 DHE-RSA-CAMELLIA256-SHA only.
You can then watch your SSL handshakes fail from IE and Chrome. If you want to require strong encryption across browsers, edit ssl.conf to look like this:
SSLProtocol TLSv1
SSLCipherSuite AES256-SHA
Then you'll have reasonably strong encryption.
In /etc/httpd/conf.d/ssl.conf, edit the two lines as below:
SSLProtocol TLSv1
SSLCipherSuite HIGH
Then go to
/etc/httpd/conf/httpd.conf and edit your
<Directory> </Directory>to include the following line:
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 256
Then
apachectl configtest
to check for typos.
Finally
/etc/rc.d/init.d/httpd restart
What this does is make browsers do
TLSv1 DHE-RSA-CAMELLIA256-SHA only.
You can then watch your SSL handshakes fail from IE and Chrome. If you want to require strong encryption across browsers, edit ssl.conf to look like this:
SSLProtocol TLSv1
SSLCipherSuite AES256-SHA
Then you'll have reasonably strong encryption.
Subscribe to:
Posts (Atom)