SSL proxy and session caching
Hi, I have the following problem. I configured Apache 2.0.40 + openssl 0.9.6g as a reverse proxy to a secure server (e.g. it receives http requests from clients and sends https requests to the server), and got some performance problems. I noticed that the https requests don't reuse SSL sessions, and so one can get reasonable performances only with pages made of few files. Does anybody know if there are simple workarounds to this problem? Thx in advance. Claudio Campetto __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Maintainership of mod_ssl
Hi Ralf and everybody Wouldn't it now be about time to transfer maintainership of mod_ssl to somebody else (if there is anybody willing and capable available) , as this software is now obviously unmaintained except for important security fixes. Ralf has done a tremendous job in providing and maintaining mod_ssl, but obviously has no more time left to actively work on it. But there are still people (me at least) who would like to enhance mod_ssl beyond the very neccessary. Unfortunately mails with patches to do so are not even replied. How do other people and most of all, how does Ralf think about this? Bye Tim __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Maintainership of mod_ssl
Hi all I agree, I haven't seen much movement/improvements with mod_ssl in the last months and in this industry things need to get moving in order to keep the software in touch with its neighbours (apache, open_ssl, mod_authz_ldap to name a few) and therefore each one improving on the other. If Ralf cannot afford the time then I am for someone else (like you Tim) to take over the reigns (either fully or partially). It is really important that users see mod_ssl constantly improving itself. Best regards Jose Correia -Original Message- From: Tim Tassonis [mailto:[EMAIL PROTECTED]] Sent: 25 September 2002 15:50 To: [EMAIL PROTECTED] Subject: Maintainership of mod_ssl Hi Ralf and everybody Wouldn't it now be about time to transfer maintainership of mod_ssl to somebody else (if there is anybody willing and capable available) , as this software is now obviously unmaintained except for important security fixes. Ralf has done a tremendous job in providing and maintaining mod_ssl, but obviously has no more time left to actively work on it. But there are still people (me at least) who would like to enhance mod_ssl beyond the very neccessary. Unfortunately mails with patches to do so are not even replied. How do other people and most of all, how does Ralf think about this? Bye Tim __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Maintainership of mod_ssl
Part of the reson is that mod_ssl was moved into the Apache 2.0 codebase, development has been quite active there. So although 1.3 development may be necessary and useful, long term I think 2.0 is the way to go Cheers Daniel Hi all I agree, I haven't seen much movement/improvements with mod_ssl in the last months and in this industry things need to get moving in order to keep the software in touch with its neighbours (apache, open_ssl, mod_authz_ldap to name a few) and therefore each one improving on the other. If Ralf cannot afford the time then I am for someone else (like you Tim) to take over the reigns (either fully or partially). It is really important that users see mod_ssl constantly improving itself. Best regards Jose Correia -Original Message- From: Tim Tassonis [mailto:[EMAIL PROTECTED]] Sent: 25 September 2002 15:50 To: [EMAIL PROTECTED] Subject: Maintainership of mod_ssl Hi Ralf and everybody Wouldn't it now be about time to transfer maintainership of mod_ssl to somebody else (if there is anybody willing and capable available) , as this software is now obviously unmaintained except for important security fixes. Ralf has done a tremendous job in providing and maintaining mod_ssl, but obviously has no more time left to actively work on it. But there are still people (me at least) who would like to enhance mod_ssl beyond the very neccessary. Unfortunately mails with patches to do so are not even replied. How do other people and most of all, how does Ralf think about this? Bye Tim __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Maintainership of mod_ssl
On Wed, 25 Sep 2002 08:08:50 -0700 daniel [EMAIL PROTECTED] wrote: Part of the reson is that mod_ssl was moved into the Apache 2.0 codebase, development has been quite active there. So although 1.3 development may be necessary and useful, long term I think 2.0 is the way to go Of course you are right. But at the present time, Apache 1.3 is still the widely used Apache production server, since most modules haven't been ported yet. I'm quite sure this situation will remain for a year or so. That's quite a long time to wait for needed functionality. Btw.: I'm definitely the wrong man for the job, lacking both resources and skills to be resonsible for such an important module. Bye Tim Cheers Daniel Hi all I agree, I haven't seen much movement/improvements with mod_ssl in the last months and in this industry things need to get moving in order to keep the software in touch with its neighbours (apache, open_ssl, mod_authz_ldap to name a few) and therefore each one improving on the other. If Ralf cannot afford the time then I am for someone else (like you Tim) to take over the reigns (either fully or partially). It is really important that users see mod_ssl constantly improving itself. Best regards Jose Correia -Original Message- From: Tim Tassonis [mailto:[EMAIL PROTECTED]] Sent: 25 September 2002 15:50 To: [EMAIL PROTECTED] Subject: Maintainership of mod_ssl Hi Ralf and everybody Wouldn't it now be about time to transfer maintainership of mod_ssl to somebody else (if there is anybody willing and capable available) , as this software is now obviously unmaintained except for important security fixes. Ralf has done a tremendous job in providing and maintaining mod_ssl, but obviously has no more time left to actively work on it. But there are still people (me at least) who would like to enhance mod_ssl beyond the very neccessary. Unfortunately mails with patches to do so are not even replied. How do other people and most of all, how does Ralf think about this? Bye Tim __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Cliff Wooley: But there's a reason we can't distribute crypto binaries from apache.org -- if we could, we would. Guess we wait for Ralf to check up on the contrib area. Correct me if I'm wrong, but I thought that ITAR restrictions eased up about a year ago, so OpenSSL strong crypto can now be exported with no problems *except* to specially targeted countries like Iraq. Case in point: MSIE 6 includes strong SSL (buggy but strong) and you can download it off microsoft.com with no restrictions. I vaguely remember downloading a strong crypto Mozilla or Opera or something like that some months ago by just filling in a form saying that I'm not a terrorist and I don't live in Cuba, Iraq or such. ¿Is there anybody here on the cypherpunk lists who can clarify? MZ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: certificate + network ACL + passwords problem?
I was once rumoured to have written: SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} = 128 and %{SSL_CLIENT_VERIFY} eq SUCCESS ) # Allow any of certs, network access or basic auth Satisfy any # Network Access Control Order deny,allow Denyfrom all Allow from 127.0.0.1 Allow from 199.85.99.0/24 FWIW, I just figured out that if I move the network access control into the SSLRequire line, then I get my desired behaviour: SSLRequire (( %{SSL_CIPHER_USEKEYSIZE} = 128 \ and %{SSL_CLIENT_VERIFY} eq SUCCESS ) \ or ( %{REMOTE_ADDR} =~ m/^127\.0\.0\.1|199\.85\.99\.[0-9]+$/ )) It's better than nothing, I guess :-) -- Harald Koch [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Is anyone doing this!?!
I need to know if anyone else is doing this successfully... loading apache aware ssl with multiple vhosts --- all with their own PEM passphrase on their key files --- and each has thier own PassPhraseDialog exec: line where it gets the password from... if you do this sucessfully, can you please send a part of ur httpd.conf file so I can see how you are doing it, the way im doing it is messing it up because what it ends up doing is taking the very last occurance of the PassPhraseDialog directive and uses it for ALL of the sites when it should us each one for each site respectively... any help? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
You are correct in that statement. How ever I'm still trying to clerify a few little potential snaggs. From what I've seen a permit may be required, for export / downloads to non-US locations. Hosting servers may need to have the ability to deny downloads to locations that shouldn't have it. (don't ask me, I'm just reading this stuff) While it has relaxed, it still appears to be full of red tape. If anyone else is checking on this, let me know if you find any documention that makes sense :-/ - Original Message - From: Marco A. Zamora Cunningham [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 11:48 AM Subject: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) Cliff Wooley: But there's a reason we can't distribute crypto binaries from apache.org -- if we could, we would. Guess we wait for Ralf to check up on the contrib area. Correct me if I'm wrong, but I thought that ITAR restrictions eased up about a year ago, so OpenSSL strong crypto can now be exported with no problems *except* to specially targeted countries like Iraq. Case in point: MSIE 6 includes strong SSL (buggy but strong) and you can download it off microsoft.com with no restrictions. I vaguely remember downloading a strong crypto Mozilla or Opera or something like that some months ago by just filling in a form saying that I'm not a terrorist and I don't live in Cuba, Iraq or such. ¿Is there anybody here on the cypherpunk lists who can clarify? MZ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
On Wed, 25 Sep 2002, Ken C wrote: From what I've seen a permit may be required, for export / downloads to non-US locations. Hosting servers may need to have the ability to deny downloads to locations that shouldn't have it. (don't ask me, I'm just reading this stuff) While it has relaxed, it still appears to be full of red tape. That sounds about like my understanding, yeah. Note also that the rules for binary distributions are different from those of source distributions for some reason. Sheesh. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Everyone have their reading glasses on? In an effort to get to the meat of the issue without all the mind numbing legal double talk I made a couple of phone calls. (I figured what the hell, they take what they want from my income, I'll make them regret answering the phone) I appears that since the module is going to be free to everyone who wants/needs it the only thing that may need to be done is notifying them what the url is, and provide a disclamer warning about export regulations. I still have a few things to read through though. I may need some information such as who wrote the app (company, etc). *ideas anyone?? (I'm new to OpenSSL and the various modules so excuse me if the answer to that is obvious) Once I get this figured out, the module should have an additional 1-14 download locations. (if desired) - Original Message - From: Cliff Woolley [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 9:15 PM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) On Wed, 25 Sep 2002, Ken C wrote: From what I've seen a permit may be required, for export / downloads to non-US locations. Hosting servers may need to have the ability to deny downloads to locations that shouldn't have it. (don't ask me, I'm just reading this stuff) While it has relaxed, it still appears to be full of red tape. That sounds about like my understanding, yeah. Note also that the rules for binary distributions are different from those of source distributions for some reason. Sheesh. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Ken Campney wrote: Everyone have their reading glasses on? In an effort to get to the meat of the issue without all the mind numbing legal double talk I made a couple of phone calls. (I figured what the hell, they take what they want from my income, I'll make them regret answering the phone) I appears that since the module is going to be free to everyone who wants/needs it the only thing that may need to be done is notifying them what the url is, and provide a disclamer warning about export regulations. I still have a few things to read through though. I may need some information such as who wrote the app (company, etc). *ideas anyone?? (I'm new to OpenSSL and the various modules so excuse me if the answer to that is obvious) Once I get this figured out, the module should have an additional 1-14 download locations. (if desired) Ken, This is great! For what it is worth there is a disclaimer on this page that may serve the purpose you describe in your comments. http://www.modssl.org/source/ A good source of names for all of the parts can be found in the LICENSE.TXT from the Apache 2.0.42 build - I have included it as an attachment. Please let me know if there is anything else that I can do to assist you. Thank you for taking the time to check on the export rules. Chris. /* * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2002 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in *the documentation and/or other materials provided with the *distribution. * * 3. The end-user documentation included with the redistribution, *if any, must include the following acknowledgment: * This product includes software developed by the *Apache Software Foundation (http://www.apache.org/). *Alternately, this acknowledgment may appear in the software itself, *if and wherever such third-party acknowledgments normally appear. * * 4. The names Apache and Apache Software Foundation must *not be used to endorse or promote products derived from this *software without prior written permission. For written *permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called Apache, *nor may Apache appear in their name, without prior written *permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * http://www.apache.org/. * * Portions of this software are based upon public domain software * originally written at the National Center for Supercomputing Applications, * University of Illinois, Urbana-Champaign. */ APACHE HTTP SERVER SUBCOMPONENTS: The Apache HTTP Server includes a number of subcomponents with separate copyright notices and license terms. Your use of the source code for the these subcomponents is subject to the terms and conditions of the following licenses. For the mod_mime_magic component: /* * mod_mime_magic: MIME type lookup via file magic numbers * Copyright (c) 1996-1997 Cisco Systems, Inc. * * This software was submitted by Cisco Systems to the Apache Group in July * 1997. Future revisions and derivatives of this source code must * acknowledge Cisco Systems as the original contributor of this module. * All other licensing and usage conditions are those of the Apache Group. * * Some of this code is derived from the free version of the file command * originally posted to comp.sources.unix. Copyright info
passpharse starting https
Hello, Im sure im not the only one that has ever asked this but couldnt really find anything on google. What happens if you what to have your passphrase entered automatic when starting https, especially if your not sitting at your system at 3am... Thanks upfront... Rob __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
No problem. Actually the only information I was looking for was who Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip actually belonged to (is it Apache, OpenSSL, or Mod_ssl) There are a few US mirrors setup on the modssl.org so it's just a matter of making sure everything is setup correctly. (Don't need any un-expected visitors) You were correct, the disclamer used on both modssl.org and openssl.org is pretty much all I need. Who knows with any luck this file should have an additional home by the end of the week.. Thanks for the provided information Chris. Ken - Original Message - From: hunter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 10:25 PM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) Ken Campney wrote: Everyone have their reading glasses on? In an effort to get to the meat of the issue without all the mind numbing legal double talk I made a couple of phone calls. (I figured what the hell, they take what they want from my income, I'll make them regret answering the phone) I appears that since the module is going to be free to everyone who wants/needs it the only thing that may need to be done is notifying them what the url is, and provide a disclamer warning about export regulations. I still have a few things to read through though. I may need some information such as who wrote the app (company, etc). *ideas anyone?? (I'm new to OpenSSL and the various modules so excuse me if the answer to that is obvious) Once I get this figured out, the module should have an additional 1-14 download locations. (if desired) Ken, This is great! For what it is worth there is a disclaimer on this page that may serve the purpose you describe in your comments. http://www.modssl.org/source/ A good source of names for all of the parts can be found in the LICENSE.TXT from the Apache 2.0.42 build - I have included it as an attachment. Please let me know if there is anything else that I can do to assist you. Thank you for taking the time to check on the export rules. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
ERRR. Do I have the right file name?? lol What ever the file name/names in need of a depot is, I'm assuming it was Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Ken - Original Message - From: Ken Campney [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 10:42 PM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) No problem. Actually the only information I was looking for was who Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip actually belonged to (is it Apache, OpenSSL, or Mod_ssl) There are a few US mirrors setup on the modssl.org so it's just a matter of making sure everything is setup correctly. (Don't need any un-expected visitors) You were correct, the disclamer used on both modssl.org and openssl.org is pretty much all I need. Who knows with any luck this file should have an additional home by the end of the week.. Thanks for the provided information Chris. Ken - Original Message - From: hunter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 10:25 PM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) Ken Campney wrote: Everyone have their reading glasses on? In an effort to get to the meat of the issue without all the mind numbing legal double talk I made a couple of phone calls. (I figured what the hell, they take what they want from my income, I'll make them regret answering the phone) I appears that since the module is going to be free to everyone who wants/needs it the only thing that may need to be done is notifying them what the url is, and provide a disclamer warning about export regulations. I still have a few things to read through though. I may need some information such as who wrote the app (company, etc). *ideas anyone?? (I'm new to OpenSSL and the various modules so excuse me if the answer to that is obvious) Once I get this figured out, the module should have an additional 1-14 download locations. (if desired) Ken, This is great! For what it is worth there is a disclaimer on this page that may serve the purpose you describe in your comments. http://www.modssl.org/source/ A good source of names for all of the parts can be found in the LICENSE.TXT from the Apache 2.0.42 build - I have included it as an attachment. Please let me know if there is anything else that I can do to assist you. Thank you for taking the time to check on the export rules. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Ken Campney wrote: ERRR. Do I have the right file name?? lol What ever the file name/names in need of a depot is, I'm assuming it was Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Ken - Original Message - From: Ken Campney [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 10:42 PM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) Ken, I copied the filename conventions from the previous versions ... looked at them to see what they contain, so as to remain consistent. A large number of people still want to use the Apache 1.3.26, with fixed OpenSSL - I am using Apache 2.0.40 (soon to move to 2.0.42). I can make any version, but this is the most popular right now. OpenSA has a nice distribution, but I have not checked to see what rev's they are at. Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip - contains Apache 1.3.26 and Mod_SSL 2.8.10, binaries built with OpenSSL libs, etc. Openssl-0.9.6g-Win32.zip - contains only OpenSSL binaries The parts are not so well integrated as they are with Apache 2.0.42. Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip - contains all 3 parts - Mod_SSL is built into Apache 2 and the make like to put the OpenSSL binaries into the Apache/bin directory. Actual urls... http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip I hope I did not misunderstood what you wanted ... (I talk too much) Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Ken, The source for: - Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip - Openssl-0.9.6g-Win32.zip 2002.09.21 12.08 3,066,788 apache_1.3.26-win32-src.zip 2002.09.18 04.32 753,241 mod_ssl-2.8.10-1.3.26.tar.gz.tar 2002.09.21 12.09 2,170,570 openssl-0.9.6g.tar.gz.tar The source for: - Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip 2002.09.25 01.14 6,750,712 httpd-2.0.42-win32-src.zip 2002.09.21 12.09 2,170,570 openssl-0.9.6g.tar.gz.tar Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]