On Tue, May 04, 1999 at 07:40:58PM -0400, John Ioannidis wrote:
> Are they just different distributions, or are there fundamental
differences?
>
> I couldn't find the answer to this in the FAQs of either.
>
> I hope this isn't yet another religious thing...
Not exactly : Apache_SSL is a set of patches to Apache which enable Apache
to speak SSL, and was written by Ben Laurie. As a (complex) set of patches,
it requires major skill level to get up and running, and is said to be
definitely not for the fainthearted (= significant Unix knowledge required).
This package came first.
As there are a lot of the more fainthearted of us who would like to run
SSL-capable web-servers, Ralf Engelschall developed mod_SSL as a new Apache
module, *based on* a particular release of Ben Laurie's Apache_SSL, but
smartened up, "bug-fixed" and made less terrifying for the rest of us, with
an easier roadmap to follow for installation.
Both implementations use the SSLeay crypto library (now known as "OpenSSL",
since the SSLeay authors gained employment with a certain company) to do the
crypting stuff.
You can use whichever package appeals to you; mod_SSL is easier (my
opinion). I don't know whether there are advantages to still using
Apache_SSL, like maybe you gain access to tweaking more facilities that
(maybe) mod_SSL hides with suitable defaults behind its friendly face. [ I'm
speculating wildly here. ]
As Tom Minchin said in another reply a few minutes ago, there's more
information in the FAQ, where you will find Ralf's answer to this one. See
http://www.modssl.org/docs/2.3/ssl_faq.html
Regards,
> Nick Boyce
> [ Information Security Manager ]
> Systems Team, EDS Healthcare, Bristol, UK
> Internet email: [EMAIL PROTECTED] | tel: +44 117 989 2941
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
