
IIRC they just ship Apache, so just follow the normal instructions for enabling perfect forward secrecy on Apache.



They ship Apache, but they only ship obsolescent (0.9.8) versions of OpenSSL. So their system Apache is built against OpenSSL 0.9.8y.


That's rather unfortunate. I think you can use Homebrew to pull in newer stuff, though, but I haven't tried (I don't host stuff on my MBP, I use my Linux workstation for that).


I'm sure you could, but bear in mind that several OS X Server services are built on top of the system Apache and its configuration file structure, so you probably don't want to replace it with a package manager-built version if you rely on any of these services.

On the other hand, it wouldn't be too hard to build and install a version of the SSL module compatible with the system Apache linked against a newer OpenSSL version, however, and I wouldn't expect this to break Apple's services, at least not until you install an update that either breaks binary module compatibility or clobbers your tweaked module configuration.

I don't use Homebrew, so I couldn't tell you if it's capable of building modules for the system Apache, but building the SSL module "by hand" for system Apache with Homebrew OpenSSL should be straightforward enough.


The point however is that for a few bucks Apple gives me a dead simple GUI to manage a few key services 'that just works'.

If I was inclined to download and compile libraries then I'd clearly be better off running a Linux distro for complete control.



