VSI-I64VMS-CSWS-V0204-3O-1-RELNOTES.PDF

This document describes the Secure Web Server (SWS) for OpenVMS Version 2.4-30, released in May 2018 by VMS Software Inc. (VSI). This is a significant update based on Apache HTTP Server 2.4-12 and incorporates OpenSSL 1.0.2n, bringing enhanced security through higher encryption levels, reduced memory usage, and more flexible configuration. It introduces new loadable modules for session management, request filtering, and rate limiting, and improves support for developing custom modules.

Key changes and considerations for this release include:

• Upgrade Process: Existing configuration files (httpd.conf, ssl.conf) from previous SWS versions may be incompatible and must be backed up, and new ones generated during an upgrade.
• Locking Mechanism: The AcceptMutex directive is replaced by Mutex, with the OpenVMS Distributed Lock Manager (DLM) now the implicit and default method for coordination, eliminating the need to explicitly specify vmsdlm.
• Authentication Model: The OpenVMS SYSUAF-based authentication module adopts Apache 2.4's new model, requiring explicit provider registration and loading of specific modules.
• Custom Modules: Dynamically loaded custom modules must be rebuilt for Version 2.4 due to API changes, with a new text library available for header files.
• Deprecated Features: Several logical names (e.g., APACHE$BG_PIPE_BUFFER_SIZE, APACHE$SSL_DBM_TYPE) are deprecated.
• Log Utility: A new log2rabbitmq.exe utility is introduced for publishing web server logs to a RabbitMQ broker.
• ServerName: It is strongly recommended to explicitly set the ServerName directive with a port number in httpd.conf.

Installation requires an ODS-5 enabled disk. The document provides detailed installation and configuration steps, including instructions for generating SSL certificates and using the APACHE$MENU.COM utility.

The release also includes numerous bug fixes, addressing issues such as serving web pages from user-specific directories, handling large files, IPv6 configuration, MOD_SSL version mismatches, CGI script loops, WebDAV functionality, and standardizing core web server locking to the OpenVMS DLM.

Known issues include incompatibility with older SWS optional kits (CSWSPERL, CSWSPHP, CSWS_JAVA), a workaround needed for suEXEC when adding cluster nodes, the requirement for uppercase usernames with mod_authnz_openvms, and the server's failure to start if the audit server is not running.