How Do I Enable Tls-srp?

1.	How Do I Enable Tls-srp?
Answer» TLS-SRP (Secure Remote Password key exchange for TLS, specified in RFC 5054) can supplement or replace certifi- cates in authenticating an SSL connection. To use TLS-SRP, set the SSLSRPVERIFIERFILE directive to point to an OpenSSL SRP verifier file. To CREATE the verifier file, use the openssl TOOL: openssl srp -srpvfile passwd.srpv -add username After creating this file, specify it in the SSL server CONFIGURATION: SSLSRPVerifierFile /path/to/passwd.srpv To FORCE clients to use non-certificate TLS-SRP cipher suites, use the following directive: SSLCipherSuite "!DSS:!ARSA:SRP" TLS-SRP (Secure Remote Password key exchange for TLS, specified in RFC 5054) can supplement or replace certifi- cates in authenticating an SSL connection. To use TLS-SRP, set the SSLSRPVERIFIERFILE directive to point to an OpenSSL SRP verifier file. To create the verifier file, use the openssl tool:

Answer»

TLS-SRP (Secure Remote Password key exchange for TLS, specified in RFC 5054) can supplement or replace certifi- cates in authenticating an SSL connection. To use TLS-SRP, set the SSLSRPVERIFIERFILE directive to point to an OpenSSL SRP verifier file.

To CREATE the verifier file, use the openssl TOOL:

openssl srp -srpvfile passwd.srpv -add username
After creating this file, specify it in the SSL server CONFIGURATION:
SSLSRPVerifierFile /path/to/passwd.srpv
To FORCE clients to use non-certificate TLS-SRP cipher suites, use the following directive:
SSLCipherSuite "!DSS:!ARSA:SRP"

To create the verifier file, use the openssl tool:

Discussion

No Comment Found

Related InterviewSolutions

How Do I Enable Tls-srp?
When I Use Basic Authentication Over Https The Lock Icon In Netscape Browsers Stays Unlocked When The Dialog Pops Up. Does This Mean The Username/password Is Being Sent Unencrypted?
How Do I Get Ssl Compression Working?
Why Can’t I Use Ssl With Name-based/non-ip-based Virtual Hosts?
Why Do I Get A ’no Shared Ciphers’ Error When Connecting To My Newly Installed Server?
Why Do I Get “no Shared Cipher” Errors, When Trying To Use Anonymous Diffie-hellman (adh) Ciphers?
What Ssl Ciphers Are Supported By Mod Ssl?
Why Do Https Connections To My Server Sometimes Take Up To 30 Seconds To Establish A Connection?
Why Does My Webserver Have A Higher Load, Now That It Serves Ssl Encrypted Traffic?
Why Do I Get Lots Of Random Ssl Protocol Errors Under Heavy Server Load?

How Do I Enable Tls-srp?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment