Closed ghost closed 5 years ago
yosifkit
commented
5 years ago Your recent activity duplication without context makes me think this is spam.
https://github.com/epfl-idevelop/jahia2wp/issues/926 https://github.com/LolHens/docker-httpd/issues/2 https://github.com/mprahl/s2i-angular-httpd24/issues/1 https://github.com/ManageIQ/httpd_configmap_generator/issues/38 https://github.com/CentOS/CentOS-Dockerfiles/issues/195
ghost
commented
5 years ago Hi yosifkit, Sorry for the inconvenience. I am a student majoring in computer science and what I am doing is a research project aiming at finding issues in configuration files. The issues I post are all checked and I think those issues could be useful for some people and help improving the configurations.
yosifkit
commented
5 years ago No problem; though I am not sure how the issue applies to this repo.
In your configuration file, I notice that you do not change the default value of SSLCARevocationCheck, which is none and disable the certificate revocation list (CRL) checking.
The Http server official document recommends to set SSLCARevocationCheck to chain, for better security. "When set to chain (recommended setting), CRL checks are applied to all certificates in the chain".
I wonder if there is any security concern if SSLCARevocationCheck is set to none. Thanks.