You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Derrick Koes <De...@skillsoft.com> on 2009/06/09 19:43:10 UTC
tcnative-1.dll on windows environment questions
The IRI http://tomcat.apache.org/tomcat-5.5-doc/apr.html has the
information quoted below about the tcnative-1.dll.
"Windows binaries are provided for tcnative-1, which is a statically
compiled .dll which includes OpenSSL and APR. It can be downloaded from
here <http://tomcat.heanet.ie/native/> as 32bit or AMD x86-64 binaries.
In security conscious production environments, it is recommended to use
separate shared dlls for OpenSSL, APR, and libtcnative-1, and update
them as needed according to security bulletins. Windows OpenSSL binaries
are linked from the Official OpenSSL website <http://www.openssl.org>
(see related/binaries)."
Why would I be concerned security-wise, to use separate dll files?
Can I get the separate, compatible binaries for libtcnative and APR?
Thanks,
Derrick
Re: tcnative-1.dll on windows environment questions
Posted by Mark Thomas <ma...@apache.org>.
Derrick Koes wrote:
> The IRI http://tomcat.apache.org/tomcat-5.5-doc/apr.html has the
> information quoted below about the tcnative-1.dll.
>
>
>
> "Windows binaries are provided for tcnative-1, which is a statically
> compiled .dll which includes OpenSSL and APR. It can be downloaded from
> here <http://tomcat.heanet.ie/native/> as 32bit or AMD x86-64 binaries.
> In security conscious production environments, it is recommended to use
> separate shared dlls for OpenSSL, APR, and libtcnative-1, and update
> them as needed according to security bulletins. Windows OpenSSL binaries
> are linked from the Official OpenSSL website <http://www.openssl.org>
> (see related/binaries)."
>
>
>
> Why would I be concerned security-wise, to use separate dll files?
As it says, so you can update them if a security vulnerability is
announced in one of the ddls without having to wait for the ASF to
provide you with a new static dll.
Mark
> Can I get the separate, compatible binaries for libtcnative and APR?
I think you'd need to compile tcnative yourself. APR is almost certainly
available.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: tcnative-1.dll on windows environment questions
Posted by Mladen Turk <mt...@apache.org>.
Derrick Koes wrote:
> The IRI http://tomcat.apache.org/tomcat-5.5-doc/apr.html has the
> information quoted below about the tcnative-1.dll.
>
>
>
> "Windows binaries are provided for tcnative-1, which is a statically
> compiled .dll which includes OpenSSL and APR. It can be downloaded from
> here <http://tomcat.heanet.ie/native/> as 32bit or AMD x86-64 binaries.
> In security conscious production environments, it is recommended to use
> separate shared dlls for OpenSSL, APR, and libtcnative-1, and update
> them as needed according to security bulletins. Windows OpenSSL binaries
> are linked from the Official OpenSSL website <http://www.openssl.org>
> (see related/binaries)."
>
This is a bit outdated page. ASF made agreement with US government,
( http://www.apache.org/dev/crypto.html )
so we can ship the binaries from our site, and we do so since version
1.1.13, so for more recent versions use the
http://tomcat.apache.org/download-native.cgi
Regards
--
^(TM)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org