You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "LeTortorec, Jean-Louis" <JL...@healthcore.com> on 2002/04/03 23:37:41 UTC
Apache, php, mod_ssl and Apache-SSL
Hello every body:
Do you know where I could find literature helping me choosing between
Apache-SSL and mod_ssl?
I know that one came from the other one, looks like they're both good...
Thanks for your suggestions.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Apache, php, mod_ssl and Apache-SSL
Posted by Owen Boyle <ob...@bourse.ch>.
"LeTortorec, Jean-Louis" wrote:
>
> Hello every body:
>
> Do you know where I could find literature helping me choosing between
> Apache-SSL and mod_ssl?
>
> I know that one came from the other one, looks like they're both good...
I'm sure no-one has written a comparative study, if that's what you're
looking for :-)
AFAIU, the original problem was that the apache API did not provide the
functionality to connect to the openssl library functions (which are
essential for SSL). Apache-SSL solved this by taking the apache source
and adding code to allow this connectivity. Thus, Apache-SSL is a
monolithic, SSL-aware version of apache.
With mod_ssl, an extension to the apache API was written, then the SSL
functionality was placed in an external module which could be statically
linked or loaded at run-time.
As to which is better - that is very much a matter of opinion and
guaranteed to start a flame war...
I would make the following observations, however (disclaimer: I use
mod_ssl):
Binary:
mod_ssl with a DSO apache allows you to run the server *without* SSL.
This might be useful if you run several instances of apache - some could
be with SSL, others without. Those without would obviously be much
smaller in terms of the binary memory footprint. This might appeal to
those who strive for parsimony. Apache-SSL or a statically compiled
apache+mod_ssl is always the same binary regardless of whether you use
SSL or not.
Ease of install:
I only installed Apache-SSL once but I remember it being a trifle
complicated. Personally, I find mod_ssl installation more streamlined.
Versions:
The last time I looked, Apache-SSL was a few versions behind (currently
1.3.22 - obviously, since it depends on apache, there is a latency
between a new apache release and the corresponding Apache-SSL version).
If you like to keep your apache up-to-date, you might find yourself
waiting a while with Apache-SSL.
mod_ssl is usually upgraded within a few days of an apache upgrade.
Since I like to wait about a week before upgrading (so others can
burn-in the new version ;-), I find never find this a problem.
Personally, I found the mod_ssl approache more flexible and the prompt
upgrading is a definite plus. I never ran Apache-SSL in production so I
can't comment on robustness or performance, but I've never had any
problems with mod_ssl.
You pays your money, you makes your choice!
Owen Boyle.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org