1999-10-22 08:48:36 +00:00
|
|
|
Apache 1.3 + mod_ssl 2.4 ``mod_ssl combines the flexibility of
|
1999-06-02 07:18:42 +00:00
|
|
|
======================== Apache with the security of OpenSSL.''
|
|
|
|
|
|
|
|
The Apache Interface to OpenSSL ``The best SSL solution for
|
|
|
|
http://www.modssl.org/ Apache money can't buy.''
|
1998-08-27 16:00:05 +00:00
|
|
|
|
1998-12-03 09:37:06 +00:00
|
|
|
This is Apache version 1.3 plus mod_ssl which provides strong cryptography
|
|
|
|
via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
|
1999-03-04 20:21:43 +00:00
|
|
|
v1) protocols by the help of the SSL/TLS implementation toolkit OpenSSL which
|
|
|
|
is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package
|
|
|
|
was created in April 1998 by Ralf S. Engelschall and was originally derived
|
|
|
|
from software developed by Ben Laurie for use in the Apache-SSL HTTP server
|
|
|
|
project.
|
1998-12-03 09:37:06 +00:00
|
|
|
|
|
|
|
As a summary, here are its main SSL/TLS-related features:
|
|
|
|
o Open-Source software (BSD-style license)
|
|
|
|
o Useable for both commercial and non-commercial use
|
1999-06-02 07:18:42 +00:00
|
|
|
o Available for both Unix and Win32 (Windows 95/98/NT) platforms
|
1998-12-03 09:37:06 +00:00
|
|
|
o 128-bit strong cryptography world-wide
|
|
|
|
o Support for SSLv2, SSLv3 and TLSv1 protocols
|
1999-06-02 07:18:42 +00:00
|
|
|
o Support for both RSA and Diffie-Hellman ciphers
|
1998-12-03 09:37:06 +00:00
|
|
|
o Clean reviewable ANSI C source code
|
|
|
|
o Clean Apache module architecture
|
|
|
|
o Integrates seamlessly into Apache through an Extended API (EAPI)
|
|
|
|
o Full Dynamic Shared Object (DSO) support
|
1999-03-04 20:21:43 +00:00
|
|
|
o Support for the OpenSSL+RSAref US-situation
|
1998-12-03 09:37:06 +00:00
|
|
|
o Advanced pass-phrase handling for private keys
|
|
|
|
o X.509 certificate based authentication for both client and server
|
1999-06-02 07:18:42 +00:00
|
|
|
o X.509 certificate revocation list (CRL) support
|
1999-01-27 20:08:09 +00:00
|
|
|
o Support for per-URL renegotiation of SSL handshake parameters
|
1999-02-04 11:39:11 +00:00
|
|
|
o Support for explicit seeding of the PRNG from external sources
|
1998-12-03 09:37:06 +00:00
|
|
|
o Additional boolean-expression based access control facility
|
|
|
|
o Backward compatibility to other Apache SSL solutions
|
1999-06-08 09:04:21 +00:00
|
|
|
o Inter-process SSL session cache (DBM and Shared Memory based)
|
1998-12-03 09:37:06 +00:00
|
|
|
o Powerful dedicated SSL engine logging facility
|
|
|
|
o Simple and robust application to Apache source trees
|
|
|
|
o Fully integrated into the Apache 1.3 configuration mechanism
|
|
|
|
o Additional integration into the Apache Autoconf-style Interface (APACI)
|
1999-06-02 07:18:42 +00:00
|
|
|
o Assistance in X.509v3 certificate generation (both RSA and DSA)
|
1998-12-03 09:37:06 +00:00
|
|
|
|
|
|
|
All documentation can be found on-line on the Web:
|
|
|
|
o Apache: http://www.apache.org/
|
1999-06-02 07:18:42 +00:00
|
|
|
o mod_ssl: http://www.modssl.org/
|
1999-03-04 20:21:43 +00:00
|
|
|
o OpenSSL: http://www.openssl.org/
|