Jump to content

mod_ssl

From Wikipedia, the free encyclopedia


mod_ssl is an optional module for the Apache HTTP Server. It provides strong cryptography for the Apache v1.3 and v2 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) cryptographic protocols by the help of the Open Source SSL/TLS toolkit OpenSSL.

History

[edit]

The mod_ssl v1 package was initially created in April 1998 by Ralf S. Engelschall via porting Ben Laurie's Apache-SSL 1.17 source patches for Apache 1.2.6 to Apache 1.3b6.[1] Because of conflicts with Ben Laurie's development cycle it then was re-assembled from scratch for Apache 1.3.0 by merging the old mod_ssl 1.x with the newer Apache-SSL 1.18. From this point on mod_ssl lived its own life as mod_ssl v2.

The first publicly released version was mod_ssl 2.0.0 from August 10, 1998. After US export restrictions on cryptographic software were loosened, mod_ssl became part of the Apache HTTP Server with the release of Apache httpd 2.[2] As of October 10, 2009, the latest version released for mod_ssl in Apache 1.3 is mod_ssl v2.8.31-1.3.41 on February 8, 2008.[3]

Overview

[edit]

The original version created for Apache v1.3 was initially created in April 1998 by Ralf S. Engelschall via porting Ben Laurie's Apache-SSL 1.17 source patches for Apache 1.2.6 to Apache 1.3b6.[1] This version is under a BSD-style license. The version for v2.0 and later, in contrast, is maintained by Apache Software Foundation and licensed under Apache License 2.0.

It is possible to provide HTTP and HTTPS with a single server machine, because HTTP and HTTPS use different server ports, so there is no direct conflict between them. It is either the maintainer who would run two separate Apache server instances (one binds to port 80, the other to port 443) or use Apache's virtual hosting facility where the maintainer can create two virtual servers which Apache dispatches: one responding to port 80 and speaking HTTP and one responding to port 443 speaking HTTPS.

Differences

[edit]

The original mod_ssl in Apache 1.3 available at www.modssl.org is a third-party add-on package requiring additional steps in the compilation and configuration process. Also, the maintainer of the server needs to resolve additional system and Apache dependencies. Apache 2, in contrast, is a built-in module maintained by Apache Software Foundation, and mod_ssl can be easily activated in the compilation and configuration options.[4]

See also

[edit]

References

[edit]
  1. ^ a b "mod_ssl FAQ". mod_ssl.
  2. ^ "SSL/TLS Strong Encryption: FAQ - Apache HTTP Server". httpd.apache.org. Retrieved 2023-08-07.
  3. ^ "mod_ssl Home page". mod_ssl.
  4. ^ Thompson, Alex (2023-07-24). "Expert Tips for Website Protection". Retrieved 2023-08-07.
[edit]