VSI-AXPVMS-CSWS-V0204-38C-1-RELNOTE.PDF

This document announces the release of Secure Web Server (SWS) for OpenVMS Version 2.4-38C, based on Apache HTTP Server 2.4.38 and released in August 2019. This version is a significant update, offering numerous new features, enhancements, and security improvements.

Key highlights include:

• New Features & Enhancements:

  • Based on Apache HTTP Server 2.4.38, providing reduced memory utilization, more flexible configuration, and improved support for custom loadable modules.
  • Integrates Secure Sockets Layer (SSL) MOD_SSL and OpenSSL 1.1.1b, enabling higher levels of encryption and enhanced security.
  • Includes a wide array of standard Apache modules, along with OpenVMS-specific ones.
  • A new utility, log2rabbitmq.exe, allows publishing web server log messages to a RabbitMQ broker.

• Significant Changes from Previous Versions:

  • Configuration Updates: Upgrading requires changes to httpd.conf, including potentially uncommenting dynamically loadable modules.
  • Mutex Directive: The AcceptMutex and related directives have been replaced by a single Mutex directive. The OpenVMS Distributed Lock Manager is now the default and recommended coordination mechanism; explicitly specifying vmsdlm will prevent the server from starting.
  • OpenVMS Authentication: The authentication and authorization model has changed, requiring explicit registration of providers (e.g., AuthBasicProvider OpenVMS) and specific modules to be loaded. Older directives like AuthOpenVMSUser are removed.
  • Deprecated Logical Names: Several logical names (e.g., APACHE$BG_PIPE_BUFFER_SIZE, APACHE$SSL_DBM_TYPE) are deprecated.
  • Custom Modules: All custom-written dynamically loaded modules must be rebuilt for Version 2.4 with specific compiler and linker switches.
  • ScoreBoardFile is ignored; SWS now uses a shared memory scoreboard.

• Installation & Upgrade:

  • Must be installed on an ODS-5 enabled disk.
  • For upgrades, prior steps are crucial: shut down CSWS, back up site-specific files, uninstall the previous version (ensuring old Htdocs/Icons directories are deleted), and rename existing customized configuration files before installing the new version.
  • A configuration menu (APACHE$MENU.COM) is provided for post-installation setup.
  • SSL can be enabled by generating a self-signed certificate and uncommenting an Include directive in HTTPD.CONF.

• Bug Fixes (Cumulative for 2.4 releases): Numerous issues have been resolved, including problems with IPv6 support, worker process startup, serving web pages from public_html directories, large file transfers, SSL module warnings, long-running CGI scripts, WebDAV functionality, and case-sensitive username checks.

• Known Issues & Restrictions:

  • Incompatibility with Older Optional Kits: Do not use SWS 2.4 with older CSWSPERL (V2.1 or earlier), CSWSPHP (V5.2-17A or earlier), or any CSWS_JAVA kits, as this will cause process crashes.
  • suEXEC Limitation: Enabling suEXEC during initial configuration can prevent adding cluster nodes (a workaround is provided).
  • IPv6 Requirement: For IPv6 to work, TCPIP$IPV6_STARTED and APACHE$CAN_USE_IPV6 logical names must be defined in the SYSTEM table.
  • Startup Failures: SWS may fail to start if the audit server is not running or if a Listen directive is not explicitly specified in httpd.conf.
  • Require user directive for mod_authnz_openvms must use uppercase usernames.

The document stresses the importance of reviewing the Apache HTTP Server 2.4 documentation for a full list of features and changes, especially for those upgrading from previous versions.