On Tue, Dec 21, 1999, Thomas G. Peroulas wrote:
> I must enable my Apache server with SSL capability. I am considering
> Apache-SSL and mod_ssl.
> I am running an Apache web server using Perl CGI (OpenSSL 0.9.4 and
> Net::Crypt-SSLeay.pm) to pass https applications. Of course I can't pass
> https until I enable SSL on Apache.
>
> Perhaps you can help me with the following:
>
> 1. Should I use mod_ssl or Apache-SSL and why?
You should decide this on your own, please. I recommend you to compare them
yourself first (do a quick installation of both) and then make a reasonable
decision for _your_ situation (one cannot give a general answer, the decision
will certainly dependent on your situation). Keep in mind: on security issues
one always should at least have an own opinion first...
> 2. May I use either of the two commercially in the United States?
Whether commercially or not is not the question for the US. The question for
the US is whether you have the RSA license. You need one in the US, at least
for the next 10 months until RSA patent expires. Because of this you should
also add the commercial SSL solutions for Apache to the evaluation point
under 1) because they provide you with a more or less cheap RSA license.
> 3. If I cannot use these commercially in the states, would anyone recommend
> the IBM http server?
As I said, commercially or not is not important here.
> 4. Does anyone know offhand if the IBM http server is compatible with
> mod_perl?
If the IBM server allows you to recompile Apache from source, you can use
mod_perl, too. Else it becomes tricky (either you need a pre-built version
from IBM with mod_perl added or you need some pre-built mod_perl DSOs, etc.)
Ask IBM what they provide.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
