1<html> 2<head> 3<title>mod_ssl: Preface</title> 4 5<!-- 6 Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. 7 8 Redistribution and use in source and binary forms, with or without 9 modification, are permitted provided that the following conditions 10 are met: 11 12 1. Redistributions of source code must retain the above 13 copyright notice, this list of conditions and the following 14 disclaimer. 15 16 2. Redistributions in binary form must reproduce the above 17 copyright notice, this list of conditions and the following 18 disclaimer in the documentation and/or other materials 19 provided with the distribution. 20 21 3. All advertising materials mentioning features or use of this 22 software must display the following acknowledgment: 23 "This product includes software developed by 24 Ralf S. Engelschall <rse@engelschall.com> for use in the 25 mod_ssl project (http://www.modssl.org/)." 26 27 4. The name "mod_ssl" must not be used to endorse or promote 28 products derived from this software without prior written 29 permission. 30 31 5. Redistributions of any form whatsoever must retain the 32 following acknowledgment: 33 "This product includes software developed by 34 Ralf S. Engelschall <rse@engelschall.com> for use in the 35 mod_ssl project (http://www.modssl.org/)." 36 37 THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY 38 EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 39 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 40 PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR 41 HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 42 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 43 NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 44 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 45 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 46 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 47 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 48 OF THE POSSIBILITY OF SUCH DAMAGE. 49--> 50<style type="text/css"><!-- 51A:link { 52 text-decoration: none; 53 color: #6666cc; 54} 55A:active { 56 text-decoration: none; 57 color: #6666cc; 58} 59A:visited { 60 text-decoration: none; 61 color: #6666cc; 62} 63#sf { 64 font-family: arial,helvetica; 65 font-variant: normal; 66 font-style: normal; 67} 68H1 { 69 font-weight: bold; 70 font-size: 24pt; 71 line-height: 24pt; 72 font-family: arial,helvetica; 73 font-variant: normal; 74 font-style: normal; 75} 76H2 { 77 font-weight: bold; 78 font-size: 18pt; 79 line-height: 18pt; 80 font-family: arial,helvetica; 81 font-variant: normal; 82 font-style: normal; 83} 84H3 { 85 font-weight: bold; 86 font-size: 14pt; 87 line-height: 14pt; 88 font-family: arial,helvetica; 89 font-variant: normal; 90 font-style: normal; 91} 92H4 { 93 font-weight: bold; 94 font-size: 12pt; 95 line-height: 12pt; 96 font-family: arial,helvetica; 97 font-variant: normal; 98 font-style: normal; 99} 100#H { 101} 102#D { 103 background-color: #f0f0f0; 104} 105#faq { 106 font-weight: bold; 107 font-size: 16pt; 108 line-height: 16pt; 109 font-family: arial,helvetica; 110 font-variant: normal; 111 font-style: normal; 112} 113#howto { 114 font-weight: bold; 115 font-size: 16pt; 116 line-height: 16pt; 117 font-family: arial,helvetica; 118 font-variant: normal; 119 font-style: normal; 120} 121#term { 122 font-weight: bold; 123 font-size: 16pt; 124 line-height: 16pt; 125 font-family: arial,helvetica; 126 font-variant: normal; 127 font-style: normal; 128} 129--></style> 130<script type="text/javascript" language="JavaScript"> 131<!-- Hiding the code 132function ro_imgNormal(imgName) { 133 if (document.images) { 134 document[imgName].src = eval(imgName + '_n.src'); 135 self.status = ''; 136 } 137} 138function ro_imgOver(imgName, descript) { 139 if (document.images) { 140 document[imgName].src = eval(imgName + '_o.src'); 141 self.status = descript; 142 } 143} 144// done hiding --> 145</script> 146<script type="text/javascript" language="JavaScript"> 147<!-- Hiding the code 148if (document.images) { 149 ro_img_prev_top_n = new Image(); 150 ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif'; 151 ro_img_prev_top_o = new Image(); 152 ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif'; 153} 154// done hiding --> 155</script> 156<script type="text/javascript" language="JavaScript"> 157<!-- Hiding the code 158if (document.images) { 159 ro_img_prev_bot_n = new Image(); 160 ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif'; 161 ro_img_prev_bot_o = new Image(); 162 ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif'; 163} 164// done hiding --> 165</script> 166<script type="text/javascript" language="JavaScript"> 167<!-- Hiding the code 168if (document.images) { 169 ro_img_next_top_n = new Image(); 170 ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif'; 171 ro_img_next_top_o = new Image(); 172 ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif'; 173} 174// done hiding --> 175</script> 176<script type="text/javascript" language="JavaScript"> 177<!-- Hiding the code 178if (document.images) { 179 ro_img_next_bot_n = new Image(); 180 ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif'; 181 ro_img_next_bot_o = new Image(); 182 ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif'; 183} 184// done hiding --> 185</script> 186</head> 187<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> 188<div align="center"> 189<table width="600" cellspacing="0" cellpadding="0" border="0" summary=""> 190<tr> 191 <td> 192 <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> 193 <table width="600" cellspacing="0" cellpadding="0" summary=""> 194 <tr> 195 <td> 196 <table width="600" summary=""> 197 <tr> 198 <td align="left" valign="bottom"> 199 <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> 200 </td> 201 <td align="right"> 202 <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-1.gif" alt="1" width="74" height="89"> 203 </td> 204 </tr> 205 </table> 206 </td> 207 </tr> 208 <tr> 209 <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> 210 </tr> 211 <tr> 212 <td> 213 <table width="600" border="0" summary=""> 214 <tr> 215 <td valign="top" align="left" width="250"> 216<a href="index.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Cover</font> 217 </td> 218 <td valign="top" align="right" width="250"> 219<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font> 220 </td> 221 </tr> 222 </table> 223 </td> 224 </tr> 225 <tr> 226 <td> 227 <br> 228 <img src="ssl_template.title-over.gif" alt="Preface" width="456" height="60"> 229 </td> 230 </tr> 231 </table> 232<div align="right"> 233<table cellspacing="0" cellpadding="0" width="300" summary=""> 234<tr> 235<td> 236<em> 237``Ralf Engelschall has released an 238excellent module that integrates 239Apache and SSLeay.'' 240</em> 241</td> 242</tr> 243<tr> 244<td align="right"> 245<font size="-1"> 246Tim J. Hudson, SSLeay F.A.Q. 247</font> 248</td> 249</tr> 250</table> 251</div> 252<p> 253<table cellspacing="0" cellpadding="0" border="0" summary=""> 254<tr valign="bottom"> 255<td> 256<img src="ssl_overview.gfont000.gif" alt="T" width="34" height="34" border="0" align="left"> 257his module provides strong cryptography for the <A 258HREF="http://www.apache.org/">Apache</A> (v1.3) webserver via the <A 259HREF="http://www.netscape.com/newsref/std/SSL.html">Secure Socket Layer</A> 260(SSL v2/v3) and <A HREF="http://www.consensus.com/ietf-tls/">Transport Layer 261Security</A> (TLS v1) protocols by the help of the excellent SSL/TLS 262implementation library <A HREF="http://www.openssl.org/">OpenSSL</A> from <A 263HREF="mailto:eay@aus.rsa.com">Eric A. Young</A> and <A 264HREF="mailto:tjh@cryptsoft.com">Tim Hudson</A>. 265</td> 266<td> 267 268</td> 269<td> 270<div align="right"> 271<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary=""> 272<tr> 273<td bgcolor="#333399"> 274<font face="Arial,Helvetica" color="#ccccff"> 275<b>Global Table Of Contents</b> 276</font> 277</td> 278</tr> 279<tr> 280<td> 281<font face="Arial,Helvetica" size="-1"> 282<b> 283<a href="ssl_overview.html">Chapter 1: Preface</a><br> 284<a href="ssl_intro.html">Chapter 2: Introduction</a><br> 285<a href="ssl_reference.html">Chapter 3: Reference</a><br> 286<a href="ssl_compat.html">Chapter 4: Compatibility</a><br> 287<a href="ssl_howto.html">Chapter 5: HowTo</a><br> 288<a href="ssl_faq.html">Chapter 6: F.A.Q. List</a><br> 289<a href="ssl_glossary.html">Chapter 7: Glossary</a><br> 290</b> 291</font> 292</td> 293</tr> 294</table> 295</div> 296</td> 297</tr> 298</table> 299<p> 300The <A HREF="http://www.modssl.org/">mod_ssl</A> package was 301created in April 1998 by <A HREF="mailto:rse@engelschall.com">Ralf S. 302Engelschall</A> and was originally derived from the <A 303HREF="http://www.apache-ssl.org/">Apache-SSL</A> package developed by <A 304HREF="mailto:ben@algroup.co.uk">Ben Laurie</A>. It stays under a BSD-style 305license which is equivalent to the license used by <A 306HREF="http://www.apache.org/">The Apache Group</a> for the Apache webserver 307itself. This means, in short, that you are free to use it both for commercial 308and non-commercial purposes as long as you retain the authors' copyright 309notices and give the proper credit. 310<h2>Legalese</h2> 311Although the above conditions also apply to Apache and OpenSSL in general (both 312are freely available and useable software packages), you should be aware that 313especially the cryptographic algorithms used inside OpenSSL stay under 314certain patents and perhaps import/export/use restrictions in some countries 315of the world. So whether you can actually use the combination 316Apache+mod_ssl+OpenSSL in your country depends mainly on your local state laws. 317The authors of neither Apache nor mod_ssl nor OpenSSL are liable for any 318violations you make here. 319<p> 320If you're not sure what law details apply to your country you're strongly 321advised to first determine them by consulting an attorney before using this 322module. A lot of hints you can find in the <a 323href="http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm">International Law 324Crypto Survey</a> which is a really comprehensive resource on this topic. At 325least two countries with heavy cryptography restrictions are well known: 326In the United States (USA) it's not allowed to (re-)export mod_ssl 327or OpenSSL And inside France it's not allowed to use any cryptography at all 328when keys with more than 40 bits are used. 329<p> 330<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> 331<tr> 332<td> 333<table bgcolor="white" cellspacing="0" cellpadding="10" border="0" summary=""> 334<tr> 335<td> 336<font face="Arial,Helvetica"> 337This software package uses strong cryptography, so while it is created, 338maintained and distributed from Germany and Switzerland (where it is legal to 339do this), it falls under certain export/import and/or use restrictions in some 340other parts of the world. 341<p> 342PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY 343SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL 344DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. 345SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM 346THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE 347AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO 348ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHOR OF MOD_SSL 349IS NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFULLY YOURSELF, IT 350IS YOUR RESPONSIBILITY. 351</font> 352<p> 353<font face="Arial,Helvetica"> 354CREDIT INFORMATION: 355This product includes software developed by Ben Laurie for use in the 356Apache-SSL HTTP server project, software developed by Larry Wall and David 357MacKenzie for use in the GNU project of the FSF and software developed by Dr. 358Stephen N. Henson as a companion to OpenSSL. 359</font> 360</td> 361</tr> 362</table> 363</td> 364</tr> 365</table> 366<h2>Module Architecture</h2> 367The mod_ssl package consists of the SSL module (part 1 in <a 368href="#figure1">Figure 1</a>) and a set of source patches for Apache adding the 369Extended API (EAPI) (part 2 in <a href="#figure1">Figure 1</a>) which is an 370essential prerequisite in order to use mod_ssl. In other words: you can only 371use the mod_ssl module when Apache's core code contains the Extended API. But 372because when applying mod_ssl to the Apache source tree the Extended API is 373also automatically added you usually don't have to think about this. It's 374mainly important for package vendors who want to build separate packages for 375Apache and mod_ssl. For more details on how to apply mod_ssl to the Apache 376source tree please follow the <code>INSTALL</code> file in the mod_ssl 377distribution. 378<p> 379<div align="center"> 380<a name="figure1"></a> 381<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> 382<caption align="bottom" id="sf">Figure 1: Module Architecture</caption> 383<tr><td bgcolor="#cccccc"> 384<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> 385<tr><td valign="top" align="center" bgcolor="#ffffff"> 386<img src="ssl_overview_fig1.gif" alt="" width="382" height="281"> 387</td> 388</tr></table> 389</td></tr></table> 390</div> 391<h2>Module Building</h2> 392The SSL module (mod_ssl) resides under the <CODE>src/modules/ssl/</CODE> 393subdirectory inside the Apache source tree and is a regular Apache module. This 394means that you can configure, build and install it like any other Apache module. 395Usually this is done by using the APACI command 396<blockquote> 397<pre> 398$ cd apache_1.3.x/ 399$ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl 400</pre> 401</blockquote> 402or by manually editing the <code>SSL_BASE</code> variable, 403uncommenting the corresponding <code>AddModule</code> directive inside the 404<code>src/Configuration</code> file and using the command 405<blockquote> 406<pre> 407$ cd apache_1.3.x/src 408$ ./Configure 409</pre> 410</blockquote> 411for configuring. Additionally you can enable the <a 412href="http://www.apache.org/docs/dso.html">Dynamic Shared Object</a> (DSO) 413support for mod_ssl by either adding the <code>--enable-shared=ssl</code> 414option to the APACI configure command line or by replacing the 415<blockquote> 416<pre> 417AddModule ssl_module modules/ssl/libssl.a 418</pre> 419</blockquote> 420line in <code>src/Configuration</code> with 421<blockquote> 422<pre> 423SharedModule ssl_module modules/ssl/libssl.so 424</pre> 425</blockquote> 426Building mod_ssl as a DSO is especially interesting to achieve more run-time 427flexibility, i.e. you can decide whether to use SSL or not at run-time instead 428of build-time. But notice that building mod_ssl as a DSO requires that your 429OS/compiler supports building DSOs in the first place, and additionally that 430they support linking of a DSO against a static library (libssl.a, libcrypo.a). 431Not all platform support this. 432 <p> 433 <br> 434 <table summary=""> 435 <tr> 436 <td> 437 <table width="600" border="0" summary=""> 438 <tr> 439 <td valign="top" align="left" width="250"> 440<a href="index.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Cover</font> 441 </td> 442 <td valign="top" align="right" width="250"> 443<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font> 444 </td> 445 </tr> 446 </table> 447 </td> 448 </tr> 449 <tr> 450 <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> 451 </tr> 452 <tr> 453 <td><table width="598" summary=""> 454 <tr> 455 <td align="left"><font face="Arial,Helvetica"> 456 <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> 457 The Apache Interface to OpenSSL 458 </font> 459 </td> 460 <td align="right"><font face="Arial,Helvetica"> 461 Copyright © 1998-2001 462 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> 463 All Rights Reserved<br> 464 </font> 465 </td> 466 </tr> 467 </table> 468 </td> 469 </tr> 470 </table> 471 </td> 472</tr> 473</table> 474</div> 475</body> 476</html> 477