the apache-ssl locker

The apache-ssl "locker" contains the sources, documentation, examples, and binary distribution for the apache-ssl webserver. This material is provided "as is", with no support other than what is in the locker. This is intended for experienced Unix system administrators at MIT. Others outside the MIT community are welcome to take it and try it, but we provide no support other than what is found in the locker.

Current offerings:

The current version of the apache-ssl distribution is rev11 based on apache1.3.26, available as of August 12th 2002 and the openssl version 0.9.6e - which has a fix for the security alert of July 29th 2002.
The previous version of our apache-ssl distribution is still available for reference purposes.

Important notices:

August 3, 2004: The existing version of mitCAclient.pem will expire on August 13, 2004. If you are running a secure web server that uses MIT certificates, please pick up a new one (requires a personal MIT certificate) and install it on your web server.
January 7, 2004: We are soliciting information to help us decide what features and functionality to include in the next release of the MIT apache-ssl distribution. Please see the questionnaire that was sent to the 'apache-ssl-users' mailing list.
August 14, 2003: the mitCAclient.pem will expire on August 23, 2003. If you are running a secure webserver that uses MIT certificates, please pick up a new one (requires a personal MIT certificate) and install it on your webserver, replacing the old one (/var/ssl/certs/mitCAclient.pem).
August 19, 2002:Note for maintainers of web servers:
As you probably realize, web servers can be quite complicated to build, test and maintain. In order to provide a reliable, simple-to-install, general-purpose apache-ssl-based webserver for use by experienced Unix system administrators at MIT, we make the following assumptions about the system onto which our apache-ssl webserver will go:
- The operating system is Solaris. We do not build or test against any other operating system.
- The operating system is not more than six months behind the current release of Solaris. This means that if you want to be able to rely on the apache-ssl distribution for new versions of the webserver, you must keep the operating system on your system up to date. In other words, if your system is running an old version of the operating system, the apache-ssl webserver most likely will not run properly, if at all. In other, other words, the apache-ssl webserver is tied to the current version of Solaris. We build and test only against the current version of the operating system.
- If you are going to update an existing apache-ssl webserver, you will be updating from the previous apache-ssl version. That is, an update from apache-ssl(rev 10) to apache-ssl(rev 11) will succeed; but most likely an update from apache-ssl(rev 9) or earlier to apache-ssl(rev 11) will fail miserably. We build and test updating only from the previous apache-ssl release.
- We cannot build or test against older versions of Solaris, other operating systems, or updating from arbitrary versions of the apache-ssl release. For these, you are on your own.
July 30,2002: Due to today's security alert in the SSL, we issued new SSL libraries, SSL binaries and http (httpsd) binaries
- For Solaris 8 (sun4u ( not sun4m) architecture):
  - Http binaries are to be downloaded from here
  - SSL binaries are to be downloaded from here
  - SSL libraries are to be downloaded from here
- For Solaris 2.6 :
  - Http binaries are to be downloaded from here
  - SSL binaries are to be downloaded from here
  - SSL libraries are to be downloaded from here
- For AIX 4.3.3 :
  - Http binaries are to be downloaded from here
  - SSL binaries are to be downloaded from here
  - SSL libraries are to be downloaded from here

Comments to
apache-ssl@mit.edu
$Date: 2004/08/03 19:06:00 $