On Thu, Oct 05, 2000, Jeff Mayzurk wrote:
> > The latest version of apache/mod_ssl/openssl is what you want to be using.
> > This means apache-1.3.12, mod_ssl 0.9.6 and openssl 0.9.5a or 0.9.6.
>
> Thanks, but if you note my original message, I said we're locked into
> Apache 1.3.3 because of a third party module. Or, in other words, we
> can't upgrade to Apache 1.3.12 and mod_ssl 2.6.x.
>
> We're observing large memory leaks with mod_ssl 2.0.15. So my questions
> are:
>
> 1. Is 2.1.6 better than 2.0.15? Why was it deprecated? The leaks we're
> seeing look to be coming from SSLeay 0.9.0, anyway, so this may be
> irrelevant.
2.1.6 is certainly better than 2.0.15, but you really don't want to
install those ancient versions of both mod_ssl and Apache - even if you
think you are forced to use Apache 1.3.3. What compatibility problems
does your third-party module have?
> 2. Is there a backport of 2.6.x (or anything later than 2.1.x) to
> Apache 1.3.3? This would allow us to us OpenSSL instead of SSLeay.
No, sorry, there is no backport. And there will be no such backport,
because it is definitely not worth the porting effort. I would try
to convince/force the vendor of your third-party module to upgrade
to Apache 1.3.12. Because you really don't want to use the ancient
versions, believe me.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
