[Zope] SSL

[ruger@comnett.net]

well .. I finally got M2Crypto to compile (wrong version of swig) and when I 
went to install it is was wanting to overwrite stuff like 
/ZServer/__init__.py and whatnot so I cancelled out and backed everything up, 
thank goodness, because when I did let it overwrite them it destroyed the 
zope server. I tried everything to get this thing back up and had to fall 
back on the back-ups. It can't be THIS HARD to get a secure connection on 
Zope! Thanks for your input.

Rick


On Wednesday 10 April 2002 11:37 am, you wrote:
> On Wed, Apr 10, 2002 at 10:20:09AM -0700, D. Rick Anderson wrote:
> > What is the best method for implementing SSL for Zope on RedHat 7.1? I've
> > tried the Apache front-end thing and it works for our local network but
> > the web server is behind a firewall and something about portforwarding
> > keeps it from working through the firewall. Isn't there some product that
> > you can simply install into Zope that gives you SSL capability? I looked
> > into MCrypto but it wouldn't compile correctly on this box.
>
> I would look at the portforwarding stuff again.  You should definately
> be able to pierce the firewall for https using portforwarding.  I do
> this all the time.  It does lead to other problems (the remote client
> sees a host name mismatch.)
>
> Otherwise, you are going to have to ssl proxy outside the firewall.  The
> problem with this is that it uses a lot of cycles, so you probably do
> not want this on the firewall.  On the other hand, if you do all of your
> decryption outside the firewall, you have partially negated the value of
> having the traffic encrypted in the first place.
>
> Jim Penny
>
> > TIA
> >
> > Rick
> >
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )