> -----Original Message-----
> From: Robert Covell [mailto:[EMAIL PROTECTED]]
> Sent: 01 March 2001 16:57
> To: [EMAIL PROTECTED]
> Subject: mod_ssl vs Apache-SSL
>
>
> A few questions on mod_ssl vs Apache-SSL. Just to say up
> front that email
> this is not intended to start a Flame War on the two SSL
> implementations.
> We just want to make an educated decision now for the future.
>
> Our current setup is on Stronghold and want to migrate to
> either a mod_ssl
> or Apache-SSL setup. I have searched both sites and several
> other areas for
> pros and cons on each and have found very little beyond the memory
> management that mod_ssl and Apache-SSL use. Can someone
> provide any pros
> and cons for each? Why one should go one way verses the other?
>
This is probably the wrong place to ask such a question, since almost
everyone on this list is using mod_ssl. However, I can give you my personal
experience, which I hope won't be taken personally by the people involved.
Initially I set up a secure site for our organisation so that we could take
donations. Our webmaster at the time was about to pay a ridiculous amount of
money to a third party to set this up. (In fact, we've probably received
this amount of money in donations with our current system). I believe this
was before mod_ssl was launched, so we started with Apache-SSL. However, I
noticed that the version we had of Apache-SSL was running behind the current
version of Apache. I think I then tried to apply the Apache-SSL patches to
Apache 1.3.6 (we were running 1.2.6 at the time), but could not get it to
compile.
I contacted Ben Laurie, the author of Apache-SSL, but he wasn't able to help
me, probably due to pressures of time that we all have. I was on the verge
of giving up when I was contacted by one of the maintainers of the RPMs for
mod_ssl who suggested I gave it a go. I was able to install it via RPMs and
haven't gone back since.
Now I'm a bit wiser about how RPMs work (having put a lot of time into
building them etc), I'm sometimes able to help out with issues regarding
them. I do prefer them to compiling binaries, because it is far easier for
me to document what I have installed and how to upgrade it. (Some of the
people I work with don't even know what "make" is).
In my opinion, this is one of the best support lists I've ever seen,
although I think it would be safe to say that it is very difficult to elicit
a response from Ralf (I've never had a reply regarding removing broken RPMs
from the ftp site, for example). Please don't take offence Ralf, I realise
you are very busy.
Thankfully though, there are people like Mads and Owen who will respond to
support issues quickly. I personally try to save them the bother whenever
the old chestnut about named-based SSL configuration comes up. However, it
may appear sometimes that all of us are a bit curt in our replies, but it's
best not to get worked up about it. There's plenty of other things to get
worked up about!
One postscript. It is scary to see how many sites are running old versions
of Apache. I've even seen some sites still running Apache 1.2.6. I won't
name them as I don't wish to incite "hackers". They don't need any more
encouragement.
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
