On Thu, Oct 28, 2010 at 8:10 AM, Lori Paniak <span dir="ltr"><<a href="mailto:ldpaniak@fourpisolutions.com">ldpaniak@fourpisolutions.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On Wed, 2010-10-27 at 21:51 -0400, Paul Nijjar wrote:<br>
> On Tue, Oct 26, 2010 at 08:11:32PM -0400, Lori Paniak wrote:<br>
> ><br>
> > Enough editorializing - time for a practical question: how secure is the<br>
> > kwlug site? How can it be improved? At what cost? (Sounds like a new<br>
> > thread)<br>
><br>
> <a href="http://kwlug.org" target="_blank">kwlug.org</a> is not secure. It is on a shared host that (from what I<br>
> recall) runs a pretty old version of Apache. The Drupal installation<br>
> is hideously out of date as well.<br>
><br>
> I don't know whether CCJ/Clearline (who donates the space to us) is<br>
> willing to investigate SNI or not.<br>
><br>
><br>
><br>
> - Paul<br>
><br>
><br>
<br>
</div>This may not be necessary. I came across stunnel which looks like an<br>
SSL proxy system that runs on the server, listening for secure traffic<br>
and redirecting it locally (or remotely) to insecure web services.<br>
<br>
The link is: <a href="http://www.stunnel.org/" target="_blank">http://www.stunnel.org/</a><br>
<br>
Does anyone out there have experience/knowledge of this package?<br>
<br>
It runs on Linux, BSD and practically everything else and is apt-get<br>
installable FTW!<br>
<br>
Is it feasible to get a presentation/demo of procuring and installing<br>
public SSL certificates for use on a web server?<br></blockquote><div><br clear="all">I tried stunnel many years ago (8 or 9 years).<br><br>I can't remember all the details, but it still requires shell access, and admin<br>
rights to the server, i.e. a VPS or dedicated server. <br><br>It would not be possible in a shared environment to do it that way.<br><br>Another solution is reverse proxies that terminate SSL and leave<br>the web server setup the way it is (without SSL).<br>
<br>An example is Pound<br><a href="http://en.wikipedia.org/wiki/Pound_%28networking%29">http://en.wikipedia.org/wiki/Pound_%28networking%29</a><br><br>This allows you to have more than one backend web server, served<br>by a single SSL end point.<br>
<br>This still requires a server that you fully administer.<br></div></div>-- <br>Khalid M. Baheyeldin<br><a href="http://2bits.com">2bits.com</a>, Inc.<br><a href="http://2bits.com">http://2bits.com</a><br>Drupal optimization, development, customization and consulting.<br>
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br>