It's -> its (where appropriate)

</strong>&nbsp;&nbsp;

    [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#wassenaar"><b>L</b></a>]

    <p>

    First, let us explain what <i>Wassenaar</i> and it's <i>Arrangement on

    First, let us explain what <i>Wassenaar</i> and its <i>Arrangement on

    Export Controls for Conventional Arms and Dual-Use Goods and

    Technologies</i> is: This is a international regime, established 1995, to

    control trade in conventional arms and dual-use goods and technology. It

    <code><b>$ telnet localhost 80</b></code><br>

    <code><b>GET / HTTP/1.0</b></code>

    <p>

    for simple testing the HTTP protocol of Apache, it's not such easy for

    for simple testing the HTTP protocol of Apache, it's not so easy for

    HTTPS because of the SSL protocol between TCP and HTTP. But with the

    help of OpenSSL's <code>s_client</code> command you can do a similar

    check even for HTTPS:

What about mod_ssl and the Wassenaar Arrangement?

</faq>

    First, let us explain what <i>Wassenaar</i> and it's <i>Arrangement on

    First, let us explain what <i>Wassenaar</i> and its <i>Arrangement on

    Export Controls for Conventional Arms and Dual-Use Goods and

    Technologies</i> is: This is a international regime, established 1995, to

    control trade in conventional arms and dual-use goods and technology. It

    <code><b>$ telnet localhost 80</b></code><br>

    <code><b>GET / HTTP/1.0</b></code>

    <p>

    for simple testing the HTTP protocol of Apache, it's not such easy for

    for simple testing the HTTP protocol of Apache, it's not so easy for

    HTTPS because of the SSL protocol between TCP and HTTP. But with the

    help of OpenSSL's <code>s_client</code> command you can do a similar

    check even for HTTPS:

way of processing requests. This chapter gives instructions on how to solve

such typical situations. Treat is as a first step to find out the final

solution, but always try to understand the stuff before you use it. Nothing is

worse than using a security solution without knowing it's restrictions and

worse than using a security solution without knowing its restrictions and

coherences.

<ul>

In short: The server has a Global ID server certificate, signed by a special

CA certificate from Verisign which enables strong encryption in export

browsers. This works as following: The browser connects with an export cipher,

the server sends it's Global ID certificate, the browser verifies it and

the server sends its Global ID certificate, the browser verifies it and

subsequently upgrades the cipher suite before any HTTP communication takes

place. The question now is: How can we allow this upgrade, but enforce strong

encryption. Or in other words: Browser either have to initially connect with

way of processing requests. This chapter gives instructions on how to solve

such typical situations. Treat is as a first step to find out the final

solution, but always try to understand the stuff before you use it. Nothing is

worse than using a security solution without knowing it's restrictions and

worse than using a security solution without knowing its restrictions and

coherences.

</td>

In short: The server has a Global ID server certificate, signed by a special

CA certificate from Verisign which enables strong encryption in export

browsers. This works as following: The browser connects with an export cipher,

the server sends it's Global ID certificate, the browser verifies it and

the server sends its Global ID certificate, the browser verifies it and

subsequently upgrades the cipher suite before any HTTP communication takes

place. The question now is: How can we allow this upgrade, but enforce strong

encryption. Or in other words: Browser either have to initially connect with

The following <em>source</em> variants are available:

<ul>

<li><code>builtin</code>

    <p> This is the always available builtin seeding source. It's usage

    <p> This is the always available builtin seeding source. Its usage

    consumes minimum CPU cycles under runtime and hence can be always used

    without drawbacks. The source used for seeding the PRNG contains of the

    current time, the current process id and (when applicable) a randomly

    find under <i>rndcontrol(8)</i> on those platforms. Alternatively, when

    your system lacks such a random device, you can use tool

    like <a href="http://www.lothar.com/tech/crypto/">EGD</a>

    (Entropy Gathering Daemon) and run it's client program with the

    (Entropy Gathering Daemon) and run its client program with the

    <code>exec:/path/to/program/</code> variant (see below) or use

    <code>egd:/path/to/egd-socket</code> (see below).

<p>

    This is the Transport Layer Security (TLS) protocol, version 1.0. It is the

    successor to SSLv3 and currently (as of February 1999) still under

    construction by the Internet Engineering Task Force (IETF). It's still

    not supported by any popular browsers.

    not supported by all popular browsers.

<p>

<li><code>All</code>

    <p>