[OPEN-ILS-GENERAL] Disabling SSL in Evergreen ILS

Rogan Hamby rhamby at equinoxinitiative.org
Thu Mar 30 10:04:58 EDT 2017 

While SSL on an intranet may not be necessary it still isn't harmful.  I
may be of a paranoid bent but you can have security issues even on an
intranet, especially large geographically distributed ones.  And with the
increasingly punitive behavior of browsers to punish non-encrypted
connections in various ways (usually with warnings and such) I'd question
if it would be easier to just implement the SSL for the intranet than try
to pass around it.




Rogan Hamby

Data and Project Analyst

Equinox Open Library Initiative

phone:  1-877-OPEN-ILS (673-6457)

email:  rogan at EquinoxInitiative.org
web:  http://EquinoxInitiative.org

On Thu, Mar 30, 2017 at 10:00 AM, Jason Stephenson <jason at sigio.com> wrote:

> I should add that the staff client requires SSL and there's no easy way
> to chagne that, so you can't completely disable SSL and expect things to
> still function properly.
>
>
>
> On 03/30/2017 09:23 AM, Jason Stephenson wrote:
> > Jayaraj,
> >
> > It would be done via the Apache configuration files. You'd move
> > everything from the SSL enabled vhost configurations to the non-SSL
> > vhosts, i.e everything from the port 443 configuration sections to the
> > port 80 configuration. Some of that configuration is duplicated, so only
> > the unique things need to go.
> >
> > There may also be some directives to force SSL on some locations. You'll
> > want to remove those also.
> >
> > I'm writing this from memory without looking at the files, which is
> > alway a bad thing to do, but I think that covers it.
> >
> > HtH,
> > Jason
> >
> > On 03/30/2017 04:16 AM, Jayaraj JR wrote:
> >> Hello,
> >>
> >> Greetings of the day !
> >>
> >> SSL or https is a better option as far as security is concerned. But the
> >> heightened security level may not be necessary at many times especially
> >> while using Evergreen in Intranet. Besides the browser often warns the
> >> user that entering to my account in evergreen catalog is dangerous if
> >> purchased SSL is not implemented. This may often create confusion for
> >> childern and beginning users who are not well versed with computers.
> >> They are very often advised to add security exception for accessing the
> >> library catalog.
> >>
> >> It would appreciable, if any option or configuration is available to
> >> disable the SSL and to use the full library catalog via http.
> >> Kindly advice the configuration to use my account in Evergreen catalog
> >> via http itself and not https
> >>
> >> --
> >> Thanks in Advance,
> >>
> >> Jayaraj J R
> >> Library Information Assistant
> >> IISER Thiruvananthapuram
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libmail.georgialibraries.org/pipermail/open-ils-general/attachments/20170330/4e2bbca3/attachment.html>

More information about the Open-ils-general mailing list