June 2010 Archives

Upgrading to MT 5: Comment Login via...

By Larry on June 8, 2010 12:36 PM | No Comments | No TrackBacks

I just upgraded to Movable Type 5, and I'm testing the different comment sign-in possiblities. MT5 supports OpenID, LiveJournal, Vox, TypePad, Google, Yahoo, AIM, Wordpress.com, Yahoo!JAPAN, livedoor, and Hatena. You'll see these choices if you hit the sign in link below.

I have also enabled SSL with a self-signed cert, so if you're shy about signing in to comment via http, just switch it to https by typing the s in your link bar. And no, I have not found a way to globally change signins to SSL in MT 5.

How to dial up encryption so high in Apache that it breaks IE and Chrome

By Larry on June 4, 2010 4:14 PM | 1 Comment | No TrackBacks

So you want to require strong encryption in Apache's httpd 2.0? So strong that Firefox is the only browser that can connect?
In /etc/httpd/conf.d/ssl.conf, edit the two lines as below:
SSLProtocol TLSv1
SSLCipherSuite HIGH
Then go to
/etc/httpd/conf/httpd.conf and edit your 

<Directory> </Directory>
to include the following line:
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 256
Then
apachectl configtest
to check for typos.
Finally
/etc/rc.d/init.d/httpd restart

What this does is make browsers do
TLSv1 DHE-RSA-CAMELLIA256-SHA only.

You can then watch your SSL handshakes fail from IE and Chrome. If you want to require strong encryption across browsers, edit ssl.conf to look like this:

SSLProtocol TLSv1
SSLCipherSuite AES256-SHA

Then you'll have reasonably strong encryption.

« February 2010 | Main Index | Archives | August 2010 »

Search

About this Archive

This page is an archive of entries from June 2010 listed from newest to oldest.

February 2010 is the previous archive.

August 2010 is the next archive.

Find recent content on the main index or look in the archives to find all content.