Hi all,
First of all my appologizes if my question is too simple, but I've been digging for a while and I couldn't manage to find any "good answer". This question was made to me by a security auditor and I promised to look for an answer cause I've no idea. The question is if you use mod_ssl with Apache2 for a secure site and you use a certificate with the private key 3des ciphered you are asked to enter the password at the server start time, but once started the password is clear in memory all the time or the server decrypts it for each use?. My concern is that it is clear in memory (otherwise it will be very time consuming) but just to be sure...
Thanks all,
