VSI-AXPVMS-CSWS-V0204-38-1-RELNOTES.PDF

This document announces the release of Secure Web Server (SWS) for OpenVMS, Version 2.4-38, based on Apache HTTP Server Version 2.4.38 and released in March 2019.

Key Highlights:

• Significant Update: This release is a major update, offering reduced memory utilization, more flexible configuration, and new loadable modules for session management, request filtering, and rate limiting.
• Enhanced Security: It includes SSL MOD_SSL and OpenSSL 1.0.2r, supporting higher encryption levels for improved client security.
• Improved Custom Module Support: Better support for developing custom loadable modules.

Important Changes and Considerations:

1. Configuration Updates:

   • httpd.conf: Requires modifications; dynamically loadable modules must be explicitly uncommented.
   • Mutex Directive: The AcceptMutex directive is replaced by Mutex. For OpenVMS, the Distributed Lock Manager is always the default and recommended; explicitly specifying vmsdlm for Mutex will prevent server startup.
   • OpenVMS SYSUAF Authentication: The authentication/authorization model has changed. Users must now register specific providers (e.g., AuthBasicProvider OpenVMS) and load necessary modules (mod_authn_core.exe, mod_authz_core.exe, etc.). Directives like AuthOpenVMSUser and AuthOpenVMSGroup are no longer supported.
   • ServerName: Strongly recommended to explicitly set the ServerName directive (including port) in httpd.conf.
   • Logical Names: Several logical names (e.g., APACHE$BG_PIPE_BUFFER_SIZE, APACHE$SSL_DBM_TYPE) have been deprecated or replaced.
   • ScoreBoardFile: This directive is ignored; CSWS uses a shared memory scoreboard.
   • log2rabbitmq.exe: A new utility for publishing web server log messages to a RabbitMQ broker.

2. Upgrade Process (Critical):

   • Backup: Backup all site-specific files.
   • Uninstall Old Version: Completely uninstall any previous CSWS version, answering "yes" to delete Htdocs & Icons directory trees.
   • Rename Configs: Rename existing customized configuration files (httpd.conf, ssl.conf) to allow the installation of new defaults.

3. Installation Requirements:

   • Must be installed only on an ODS-5 enabled disk. Installing on ODS-2 will fail.

4. Custom Module Development:

   • All custom-written dynamically loaded modules must be rebuilt for Version 2.4, using specific C compiler switches and linker options for OpenVMS (e.g., case-sensitive symbol linking).

5. Known Problems and Restrictions:

   • Compatibility: Do NOT use SWS Version 2.4 with older optional kits like CSWSPERL V2.1 or earlier, CSWSPHP V5.2-17A or earlier, or CSWS_JAVA (any), as this will cause crashes. VSI is working on updated versions of these kits.
   • suEXEC: Enabling suEXEC during initial configuration prevents adding nodes in a cluster (workaround provided).
   • Usernames: mod_authnz_openvms requires usernames in uppercase for the "Require user" directive.
   • Silent Failures: To diagnose silent startup failures, temporarily define APACHE$SPL_DISABLED to TRUE.
   • WebDAV: Requires the SDBM database manager type.
   • Audit Server: CSWS will fail to start if the audit server is not running (this requirement may be removed in future releases).

6. Bug Fixes:

   • Numerous bugs have been fixed, including issues with serving public_html pages, large file transfers, IPv6 handling, MOD_SSL version mismatches, CGI script loops, DAV functionality, file version number inconsistencies, proxy module linking, WebDAV binary file corruption, and case-sensitive usernames in .htaccess files. Default locking mechanisms now consistently use the OpenVMS distributed lock manager.

The document also provides detailed instructions for installation, server configuration via a menu-driven interface, SSL enabling, and guidance for building custom modules.