Quote:> I don't see information on which SSL accelerator cards Apache can use
> and installation instructions
there's no such thing as an accelerator apache can use. apache uses an
ssl interface layer, be it mod_ssl or apachessl or sth else. this in
turn usually uses some ssl libraries, most common here is openssl.
openssl is available in an engine version which can access various
crypto-cards.
Quote:> Some cards do their internal SSL processing some other merely act as
> "accelerating" the intensive math processing, so you must use openssl
> with them.
i don't know about cards doing the whole ssl process, these are
usually extra boxes you put in front of your webserver to terminate
the ssl session. these should be rather transparent, ie you have an
unencrypted site, put the box in front of it and can access it via ssl
(provided there's no absolute links pointing to http://... of course).
the cards we use and those others i know about only do asymmetric
cryptography in hardware.
Quote:> As if the technical issues were not enough there are some political
> (export regulations relating to encryption) ones attach to them ...
i don't know much about these. best buy & use them outside us or
france and you're on the safe side, i've heard. ymmv
Quote:> I have also heard you must also serve images encrypted with https
> pages in order for browsers not to complain to users. Is that true?
> Does it happen with all the cards/configurations?
yes, unless the clients have very lenient browser settings, you need
to have the whole page encrypted in order to avoid "this page contains
secure and non-secure elements" popups which don't look good on a page
you're supposed to enter credit card data into.
Quote:> Does anyone around had experience on this or can point me to relevant
> info?
well, for specifics you probably need to ask the manufacturer of those
cards, ours are from rainbowtech and we use them under some hpux
variant. and no, i have not yet tried to get them to run under
linux...
joachim
by