httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralf S. Engelschall" <>
Subject [ANNOUNCE] Apache Interface to SSLeay (mod_ssl)
Date Tue, 11 Aug 1998 11:11:37 GMT
                       _             _ 
   _ __ ___   ___   __| |    ___ ___| |
  | '_ ` _ \ / _ \ / _` |   / __/ __| |  
  | | | | | | (_) | (_| |   \__ \__ \ |  mod_ssl - Apache Interface to SSLeay  
  |_| |_| |_|\___/ \__,_|___|___/___/_|
                       |_____|           Version 2.0.1-1.3.1

  ``This package interfaces Apache 1.3 to Eric Young's 
    SSL library in a clean way while still providing 
    compatibility to Ben Laurie's original Apache-SSL.''

  This Apache module provides strong cryptography for Apache via Netscape's
  Secure Socket Layer (SSL) through the free SSL implementation library SSLeay
  from Eric A.  Young and Tim Hudson.  The mod_ssl package was created by Ralf
  S. Engelschall. This product includes software developed by Ben Laurie for
  use in the Apache-SSL HTTP server project. 

  The main visible differences between the original Apache-SSL and mod_ssl are
  the totally overhauled and cleaned up source code (to make it reviewable),
  the full documentation of SSL configuration directives (to make it more
  useable), the automated application to the Apache 1.3 source tree (to make
  it a more robust package) and the full integration into the Apache 1.3
  configuration process without requiring manual editing (to make it easier to
  build). Additionally bugs were fixed and the source was really ported to the
  Apache 1.3 API (for instance it now correctly writes to Apache's error_log
  instead of directly to stderr, etc.). In total approximately between 100 and
  150 hours of work were spent in the last months to transform Apache-SSL into
  mod_ssl.  Now that the transition is done and maintainance starts the
  package is released to the Apache user community so they can benefit from
  this effort, too. 

  As a summary, here are its main features:

   o  Free SSL implementation for both commercial and non-commercial use,
      because mod_ssl stays under an Apache-style license and SSLeay is freely
      available, too.
   o  128 bit strong encryption world-wide, because developed in Europe and
      also distributed from Europe, only.

   o  Complete server and client authentication to be able to both
      authenticate a server for the clients and to create closed user groups
      for a server.

   o  Full source code available in clean format, i.e. people have the chance
      to verify and enhance the code theirself if necessary.
   o  Automated and robust application of the source extension and patches to
      a fresh Apache 1.3 source tree.

   o  Clean integration into Apache 1.3 through the new Apache 1.3
      Autoconf-style Interface (APACI), i.e. no manual source patching or
      editing necessary. Even the patched Apache source tree can be still
      compile an unencumbered Apache server containing no SSL stuff.  This way
      you can add additional third-party packages like mod_perl or PHP without

   o  Full installation support inside Apache 1.3, i.e. you can still use
      APACI's "make install" and all SSL stuff is automatically installed,

  For more details about mod_ssl please visit its webarea under

                                       Ralf S. Engelschall

View raw message