On Wed, Jul 26, 2000 at 08:47:02AM -0400, Barry, Richard wrote:
> This may sound a little strange at first, but I'm looking for feedback from
> the experienced modssl-users readership on how people view the use of
> Apache/mod_ssl in a non-SSL configuration.
>
> My purpose for asking is that we are porting Apache and mod_ssl and
> packaging it for our customers. Most of our larger target customers will
> configure and use it with SSL enabled, but many customers won't. We have two
> options:
>
> a) Produce a single image with SSL capability
> b) Produce two images - one with SSL and one without SSL
>
> With option (a) non-SSL customers will not enable SSL, but will still need a
> server certificate (otherwise, "unable to generate a temporary RSA key"
> errors prevent Apache from starting).
>
> We'll also be looking at performance impact with option (a) in non-SSL mode.
>
> Are there any opinions or experience out there on either approach?
>
I would go for either the two image solution or building mod_ssl as a dso.
Solution a) would just add a lot of extra unneded overhead and require any
other dso modules to be built with -DEAPI. The reasoning for not using a)
is pretty much the same as is normally being used for dso's in general -
why waste cpu/memory for a module you don't need? If it was me I'd spend
some time with my lawyers trying to figure out wether compiling mod_ssl
as dso was actually doable - that sort of seems to be the best way to go -
especially if mod_ssl would stop complaining about modules without -DEAPI
when it is not running -DEAPI :)
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
