VSI-I64VMS-CSWS-V0204-3L-1 RELNOTES.PDF

This document outlines the release notes for Secure Web Server for OpenVMS (SWS) Version 2.4-3L, based on Apache HTTP Server 2.4-12 and OpenSSL 1.0.2n, released in April 2018.

Key Highlights & New Features:

• Significant Update: This is a major update from previous versions, bringing Apache HTTP Server 2.4-12 to OpenVMS Integrity servers.
• Enhanced Security: Includes MOD_SSL and OpenSSL 1.0.2n, offering higher levels of encryption and improved security.
• Performance & Configuration: Features reduced memory utilization, more flexible configuration, and new loadable modules for session management, request filtering, and rate limiting.
• Custom Module Support: Improved support for developing custom dynamically loadable modules.
• Apache Module Inclusion: Supports a wide range of standard Apache 2.4 modules (detailed list provided).

Important Changes & Migration Notes (for upgrades):

• Configuration File Incompatibility: Existing httpd.conf and ssl.conf files from previous SWS versions are incompatible. Upgraders must back up, uninstall the old version (confirming deletion of Htdocs/Icons), rename old config files, and apply customizations to new versions.
• Module Loading: Dynamically loadable modules now require explicit uncommenting in httpd.conf.
• Mutex Directive: The AcceptMutex directive and related ones are replaced by a single Mutex directive. For OpenVMS, the Distributed Lock Manager is now the default and implicitly used.
• OpenVMS Authentication: The SYSUAF-based authentication module (modauthnzopenvms.exe) now requires explicit provider registration (AuthBasicProvider OpenVMS) and no longer accepts configuration commands. Usernames must be uppercase for "Require user".
• Log Utility: A new utility, log2rabbitmq.exe, allows publishing web server log messages to a RabbitMQ broker.
• Deprecated Logical Names: APACHE$BG_PIPE_BUFFER_SIZE, APACHE$MB_PIPE_BUFFER_SIZE are deprecated (use APR$ prefix); APACHE$SSL_DBM_TYPE is also deprecated as SDBM is the only supported DBM for SSL session cache.
• Custom Modules Must Be Rebuilt: Any custom-written dynamically loaded modules must be rebuilt for Version 2.4, adhering to specific C compiler switches and linker options for case sensitivity. A new header library APACHE$ROOT:[INCLUDE]APACHE$LIBRARY.TLB is provided.

Installation Requirements & Procedures:

• ODS-5 Volume: SWS Version 2.4 must be installed on an ODS-5 enabled disk. Installation on ODS-2 will fail and may corrupt existing installations.
• Upgrade Steps: Includes detailed steps for shutting down, backing up, uninstalling (with specific prompt answers), and renaming configuration files before installation.
• Configuration Menu: Post-installation, the APACHE$MENU.COM utility provides a menu for configuring OpenVMS aspects, creating instances, managing suEXEC, generating SSL certificates, and starting/stopping the server.
• SSL Enablement: SSL can be enabled by generating a self-signed certificate and uncommenting an Include directive in httpd.conf.

Bug Fixes in this Release:

• Addressed issues with serving web pages from user-specific public_html directories, large file transfers, incorrect IPv6 usage, MOD_SSL version mismatch warnings, CGI script infinite loops, DAV functionality with Expat XML, and inconsistent file version number handling in URLs.

Known Problems & Restrictions:

• Incompatibility with Optional Kits: Do not use SWS 2.4 with older optional kits (CSWSPERL V2.1 or earlier, CSWSPHP V5.2-17A or earlier, CSWS_JAVA (any)). Updates are planned.
• suEXEC & Clustering: Enabling suEXEC initially prevents adding nodes in a cluster environment (workaround provided).
• Audit Server Dependency: CSWS will fail to start if the OpenVMS audit server is not running (this requirement may be removed in future releases).
• "Create an Apache instance" fails if the specified target directory does not exist.