Improving Apache Clustered Performance

Use Apache 2.4 (so if you use Centos / RHEL, use v7). This has lower memory requirements, stable Event MPM (see below) and far more functionality. If you terminate SSL at Apache, use a clustered cache to keep track of SSL sessions. Otherwise the SSL session establishment will have to be renegotiated every time you …

Continue reading ‘Improving Apache Clustered Performance’ »

Warn your clients before disabling SSLv3 on Apache for POODLE

With POODLE, everyone is hurrying to disable SSLv3 on their webservers. However some sites still have clients that for whatever reason have not updated from XP / IE6 (it’s only been out 13 years, what’s the rush?) Instead of immediately locking them out you might like to give them a few days warning with some …

Continue reading ‘Warn your clients before disabling SSLv3 on Apache for POODLE’ »

Fix “Internet Explorer cannot display the webpage” for Oracle Enterprise Manager

If you cannot view Oracle Enterprise Manager in IE, but can in other browsers, chances are you’ve hit the MS IE ssl keysize patch. A patch does exist for this (the problem is due to OEM using a 512 bit cert) but if you like you can frontend EM with Apache. Put this inside the …

Continue reading ‘Fix “Internet Explorer cannot display the webpage” for Oracle Enterprise Manager’ »

Check webserver SSL key size

To check if an SSL certificate passes the MS 1024 bit minimum key length requirement (1024 bits), run this command: