![]() | Configuration of the Module MOD_ssl |
The WWW server has base data encryption support built-in. There is a second port reserved for secure socket layer (SSL) connections. But the WWW server main part isn't able to handle data encryption - this has to be done by an external module. MOD_ssl contains initialization, encryption and decryption methods using OpenSSL (which was established on SSLeay by Eric Young - eay@cryptsoft.com).
In some countries data encryption is prohibited by law, in others it is
restricted. The USA for instance prohibits export of strong data encryption,
France prohibits use of data encryption for private use same as Russia does.
The module - as mentioned above - relies on an external library. If this
library is missing the operating system isn't able to load the module. If
encryption would be completely in the main program, in that case no operation
would be possible at all. So, that way, only the module can't be loaded and
access to the second port is blocked.
Notes:
Configuration is done via configuration section - see
module configuration for module MOD_ssl. The configuration parameters
are currently limited to PEM file path and name. The PEM file
contains the server certificate. On the initial start-up, the test certificate
is set.
Note:
| ©. 1998-2000 by Dirk Ohme |