[Info-vax] OpenSSL CSWS-2.2-1
Arne Vajhøj
arne at vajhoej.dk
Sat Apr 6 12:19:02 EDT 2019
On 4/6/2019 12:16 PM, Arne Vajhøj wrote:
> On 4/6/2019 8:32 AM, Neil Rieck wrote:
>> Strictly as an emergency backup plan, I've been working on trial to
>> replace CSWS-2.2-1 with WASD-11.
>>
>> For example, if my ~1,200 clients begin to use new browsers next year,
>> they might not be able to connect to my current system so I have got
>> to do something now. But that got me thinking about another problem:
>> we are receiving B2B SOAP transactions from a system in Montreal
>> (another company) which currently relies on SSLv3. If I upgrade my
>> web-server to something that doesn't offer SSLv3 (because it hasn't
>> been compiled into Apache's mod_ssl, or I've linked WASD to an SSL
>> library that is too restrictive) then I'm not going to be able to
>> receive those B2B SOAP connections.
>>
>> After a restless night of sleep it occurred to me that many other
>> systems are also going to run into this situation but no one seems to
>> be talking about it (at least not in the way they talked about Y2K).
>> So I have decided to call this problem "Y2K20" and have placed some
>> preliminary notes here:
>>
>> http://neilrieck.net/docs/calendar_time_y2k_etc.html#y2k20
>
> I don't know how general the problem is.
>
> OpenSSL and Apache httpd are open source.
>
> You can build OpenSSL with the protocols you want.
>
> In Apache config you can enable and disable the protocols you want.
Besides that then I would consider not serving static content and
web services from same server.
exposed web 1 serving static content
exposed web 2 web services
or
exposed web 1 serving static content and proxy to web 2
internal web 2 web services
or similar.
Arne
More information about the Info-vax
mailing list