[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Web server with PHP setup & mod-ssl

Thanks for the response. I took the action you suggested -- but I didn't delete the previous /etc/apache/httpd.conf file. Now, instead of showing my site on a Web page, my browser treats the main PHP page as a file download and dumps the file to my desktop.

Should I remove apache-ssl, wipe the httpd.conf file, and start over from scratch? Or is there something in the httpd.conf file that I'm missing? I can't find a reference to an SSL module or anything similar.

Thanks in advance! I promise to post all solutions.

- Danny O'Brien

On Jan 29, 2004, at 1:07 PM, Rosenstrauch, David wrote:

-----Original Message-----
From:Danny O'Brien [mailto:dannyo@steinrogan.com]
Sent:Thursday, January 29, 2004 12:19 PM
Subject:Web server with PHP setup & mod-ssl


 - does "apt-get upgrade" always provide the most secure versions? The reason I ask is:
[Rosenstrauch, David] 
Debian stable is considered the most secure.  A distro isn't promoted from testing to stable until it's been thoroughly tested.  (See)

- Apache 1.3.26 seems ancient -- is this an OK version to run? I have executed apt-get upgrade, and apt.conf is set for "stable."
[Rosenstrauch, David] 

That said, the flip side of that is that there can be a *long* time between releases in stable.  The last major release of stable was on  19th of July, 2002.

So, yes, the version of Apache in stable is 1.3.26, which is older.  But, as the stable distro is considered the most stable, that's the one you should run if you're most concerned about security.  Although you certainly could upgrade to the version from testing (1.3.29) if you'd like, you should be aware that testing does not receive security updates in nearly as timely a fashion as stable.  (Seehttp://www.debian.org/security/faq#testing)  So that might be a bit on the risky side for you, depending on how secure and mission-critical you need this web server to be

- also, openssl is up to 0.9.6 "l" -- 0.9.6 "c" also seems ancient.

[Rosenstrauch, David] 
Same answer as Apache. 

- My previous build ran mod-ssl. However, there is no mod-ssl package in Debian. Has anyone installed mod-ssl under Debian, or is there a better program for this function?


- Danny O'Brien
[Rosenstrauch, David] 

There's an apache-ssl package under Debian.  Try "apt-get remove apache" followed by "apt-get install apache-ssl".





This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure.

Reply to: