VSI-I64VMS-CSWS-V0204-3H-1 RELNOTES.PDF

This document is the Release Notes for VMS Software Inc.'s (VSI) Secure Web Server (SWS) for OpenVMS, Version 2.4-3H, released October 2017. It is based on Apache HTTP Server Version 2.4-12.

Key Highlights:

• Significant Update: This release is a major update from previous versions, offering new features, numerous enhancements, reduced memory utilization, more flexible configuration, new loadable modules (e.g., for session management, request filtering, rate limiting, proxying), and improved support for custom loadable module development.
• Enhanced Security: It includes Secure Sockets Layer (SSL) MOD_SSL and OpenSSL 1.0.2k, providing higher levels of encryption.
• Included Modules: A comprehensive list of supported Apache modules is provided (not all Apache 2.4 features are available on OpenVMS).

Major Changes and Deprecations:

• Configuration Changes: Upgrading from previous SWS versions requires significant changes to httpd.conf and ssl.conf. Some modules are no longer loaded by default.
• Mutex Directive: The AcceptMutex directive and related logical names (e.g., LockFile, SSLMutex) have been replaced by a single Mutex directive. For OpenVMS, the Distributed Lock Manager (DLM) is now the default and only supported coordination mechanism; specifying vmsdlm for Mutex will prevent the server from starting.
• OpenVMS Authentication: The authentication and authorization model has changed, requiring explicit registration of providers. Directives like AuthOpenVMSUser and AuthOpenVMSGroup are removed. Specific core authentication modules must be loaded.
• Logging Utility: A new utility, log2rabbitmq.exe, is included to publish web server log messages to a RabbitMQ broker.
• ServerName: It is strongly recommended to explicitly set the ServerName directive with a port number in httpd.conf.
• Deprecated Logical Names: APACHE$BG_PIPE_BUFFER_SIZE, APACHE$MB_PIPE_BUFFER_SIZE are deprecated (use APR$BG_PIPE_BUFFER_SIZE, APR$MB_PIPE_BUFFER_SIZE). APACHE$SSL_DBM_TYPE is also deprecated as SDBM is the only supported DBM for SSL session cache (shared memory cyclic buffer is recommended for optimal performance).
• Custom Modules: All custom-written dynamically loaded modules must be rebuilt for Version 2.4 due to API changes. Specific C compiler and linker flags are required for OpenVMS (/POINTER_SIZE=32, _USE_STD_STAT, NAMES=(AS_IS,SHORTENED) for compilation; CASE_SENSITIVE=YES for linking). Headers are provided in APACHE$LIBRARY.TLB.

Installation and Upgrade Process:

• Upgrade Steps: Before upgrading, users must shut down the old SWS, back up site-specific files, uninstall the earlier version (confirming deletion of Htdocs & Icons), and rename existing custom configuration files.
• Installation Requirement: SWS 2.4 must be installed on an ODS-5 enabled disk.
• Post-Installation: Includes configuring OpenVMS aspects (APACHE$CONFIG), starting the server, adding it to system startup/shutdown, and (for SSL) generating a certificate (OPENSSL_AUTO_CERT.COM) and uncommenting the ssl.conf include.
• Configuration Menu: A menu-driven configuration tool (APACHE$MENU.COM) is available.

Known Problems and Restrictions:

• Incompatibilities: SWS 2.4 is incompatible with older optional kits like CSWSPERL V2.1, CSWSPHP V5.2-17A, and CSWS_JAVA (any).
• WebDAV: Requires the SDBM database manager (which is the default and only DBM type supported in this release).
• suEXEC: A workaround is needed if suEXEC is enabled when adding a node to a cluster environment.
• Usernames: Require user directive for mod_authnz_openvms must specify usernames in uppercase.
• Audit Server: CSWS will fail to start if the audit server is not running (a temporary requirement).

Bug Fixes: This release fixes several bugs, including issues with serving web pages from user-specific public_html directories, returning large files, incorrect IPv6 usage, and an OpenSSL version mismatch warning in MOD_SSL.