VSI-I64VMS-CSWS-V0204-3Q-1-RELNOTES.PDF

This document summarizes the Release Notes for Secure Web Server (SWS) for OpenVMS Version 2.4-3Q, developed by VMS Software Inc. (VSI) and based on Apache HTTP Server Version 2.4-12.

Key Features and Improvements:

• It's a significant update offering reduced memory utilization, more flexible configuration, and various new loadable modules for session management, request filtering, and rate limiting.
• Improved support for custom loadable module development.
• Includes MOD_SSL and OpenSSL 1.0.2n, supporting higher encryption levels and enhanced security.

Significant Changes for Upgrades and Configuration:

• Incompatibility with Existing Configuration: httpd.conf and ssl.conf files from previous versions may be incompatible; users upgrading must back up site-specific files, uninstall older versions, and rename existing configuration files before installing 2.4-3Q.
• Module Loading: Some previous dynamically loadable modules are no longer available or loaded by default and must be explicitly enabled in httpd.conf.
• Mutex Directive: The AcceptMutex directive is replaced by Mutex. The OpenVMS Distributed Lock Manager is now the default for coordination and should not be explicitly specified for Mutex.
• Authentication Model: The OpenVMS SYSUAF-based authentication module (mod_authnz_openvms.exe) requires explicit provider registration (AuthBasicProvider OpenVMS) and loading of mod_authz_core.exe. Older configuration commands are no longer accepted.
• Logical Name Deprecation: Logical names prefixed with APACHE$ (e.g., APACHE$BG_PIPE_BUFFER_SIZE) are deprecated in favor of APR$ prefixes. APACHE$SSL_DBM_TYPE is also deprecated, with SDBM being the only supported DBM for SSL session cache, and shared memory cyclic buffer recommended.
• Custom Modules: All custom-written dynamically loaded modules must be rebuilt for Version 2.4, potentially requiring API changes. Specific C compiler switches and linker options for OpenVMS are provided, including using APACHE$LIBRARY.TLB for header files.
• New Utility: A log2rabbitmq.exe utility is introduced for publishing web server log messages to a RabbitMQ broker.
• ServerName: Explicitly setting the ServerName directive with a port number in httpd.conf is strongly recommended.

Installation and Administration:

• SWS 2.4 must be installed on an ODS-5 enabled disk. Installation on ODS-2 will fail or corrupt existing data.
• A menu-driven configuration utility (APACHE$MENU.COM) simplifies setup, instance management, SSL certificate generation, and other administrative tasks.
• Post-installation, users need to configure OpenVMS aspects, potentially create an APACHE$WWW user, start the server, and configure for system boot/shutdown.

Known Problems and Restrictions:

• Incompatibility with Older Kits: SWS 2.4 is incompatible with older optional kits like CSWSPERL V2.1 or earlier, CSWSPHP V5.2-17A or earlier, and any version of CSWS_JAVA, which can cause process crashes. VSI is working on updated versions.
• suEXEC Limitation: Enabling suEXEC during initial configuration prevents adding nodes in a cluster environment (a workaround is provided).
• Authentication Case Sensitivity: The Require user directive for mod_authnz_openvms requires usernames to be specified in uppercase.
• Audit Server Dependency: CSWS will fail to start if the audit server is not running (this requirement may be removed in future releases).

Bug Fixes:

• The release includes numerous cumulative bug fixes from previous 2.4 versions, addressing issues such as serving web pages from user-specific directories, handling large files, IPv6 usage, MOD_SSL warnings, CGI script execution, DAV functionality, proxy modules, and various locking inconsistencies.