VSI-I64VMS-CSWS-V0204-3P-1-RELNOTES.PDF

This document is a release note for Secure Web Server for OpenVMS (CSWS) Version 2.4-3P, released in July 2018.

Here's a summary of its key points:

• Core Update: This release is a significant update based on Apache HTTP Server Version 2.4-12 and includes OpenSSL 1.0.2n for enhanced security and higher encryption levels.

• New Features & Enhancements:

  • Reduced memory utilization and more flexible configuration.
  • Numerous new loadable modules for session management, request filtering, and rate limiting.
  • Improved support for developing custom loadable modules.
  • A comprehensive list of supported modules is provided.

• Significant Changed Features (especially for upgrades):

  • Configuration Files: Upgrading from previous versions requires reviewing and modifying httpd.conf and ssl.conf due to incompatibilities.
  • AcceptMutex Directive: Replaced by Mutex. The OpenVMS Distributed Lock Manager is now the default (and only implicitly supported) coordination mechanism; explicitly specifying vmsdlm for Mutex will prevent startup.
  • OpenVMS SYSUAF Authentication: The authentication/authorization model has changed. Users must explicitly register the OpenVMS provider using AuthBasicProvider OpenVMS and load specific modules (mod_authn_core.exe, mod_authz_core.exe, mod_auth_basic.exe, mod_authnz_openvms.exe). Older configuration commands like AuthOpenVMSUser are removed.
  • Logging: A new log2rabbitmq.exe utility allows publishing web server logs to a RabbitMQ broker.
  • ServerName: Explicitly setting ServerName and port in httpd.conf is strongly recommended to prevent issues.
  • Deprecated Logical Names: Several logical names (e.g., APACHE$BG_PIPE_BUFFER_SIZE, APACHE$SSL_DBM_TYPE) are deprecated and replaced with APR$ prefixed versions or entirely removed, reflecting underlying software subsystem changes.
  • Custom Modules: All custom-written dynamically loaded modules must be rebuilt for Version 2.4 due to API changes and require specific compile/link switches for OpenVMS.

• Installation & Upgrade Process:

  • Mandatory ODS-5 Volume: CSWS 2.4 must be installed on an ODS-5 enabled disk. Installation on ODS-2 will fail.
  • Upgrade Steps: Before installing, users must shut down existing CSWS, back up site-specific files, uninstall the previous version (ensuring all Htdocs & Icons trees are deleted when prompted), and rename existing customized configuration files (httpd.conf, ssl.conf) to ensure new, compatible versions are created.
  • Post-Installation: Steps include configuring OpenVMS aspects (APACHE$CONFIG.COM), manually starting the server, and setting up SSL with OPENSSL_AUTO_CERT.COM.

• Known Problems and Restrictions:

  • Incompatibility with Older Kits: CSWS 2.4 is incompatible with older versions of optional kits like CSWSPERL (V2.1 or earlier), CSWSPHP (V5.2-17A or earlier), and any CSWS_JAVA kits. VSI is working on updates.
  • WebDAV DBM: Only SDBM database manager type is supported for WebDAV.
  • suEXEC in Clusters: Enabling suEXEC initially can prevent adding cluster nodes; a workaround is provided.
  • Authentication: mod_authnz_openvms requires uppercase usernames with the Require user directive.
  • Audit Server: CSWS will fail to start if the audit server is not running (this requirement may be removed in future releases).

• Bug Fixes (Cumulative): Numerous bugs from previous 2.4 releases have been fixed, including issues with user-specific directories, large file transfers, IPv6 usage, OpenSSL version mismatches, CGI script loops, DAV functionality, DBM defaults, and a crash when using debug logging.