This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
To: drew@drewb.com Subject: Re: [svlug] mod_ssl vs. openssl Date: Sun, 24 Sep 2000 19:58:53 -0700 From: J C Lawrence <claw@kanga.nu> On Mon, 25 Sep 2000 01:53:02 +0000 () Drew Bertola <drew@drewb.com> wrote: > Can anyone point out the pros and cons between mod_ssl and > openssl? I think you mean between mod_sll and Apache-SSL. OpenSSL is just a couple libraries and command line utilities that implement SSL. Apache-SSL is built atop OpenSSL (links the relevant libraries). mod_ssl does much the same thing as an Apache module. I'm not cognizant of any more sublt/significant differences (they configure very similarly). That said, and this doesn't mean a whole lot, I've found it elightly easier to persuade Apache-SSL to do 600 SSL transactions per second (unique session IDs per transaction to ensure a mod exponentiation call per transaction) than with mod_ssl (both given a hardware accellerator). I've worked a bit on getting mod_ssl to do 600tps as well and haven't managed (428 was my highest score), but I also haven't persisted into figuring out the why on the difference (first do the proof case, details come later). Next week I'll be working on getting Apache-SSL up to 1,400 transactions per second (still with unique sessions IDs per transaction) on a faster accellerator before looking again at mod_ssl. > Are there any relevant issues regarding the expiration of the RSA > patent? Just that you don't need RSA licenses any more. === Date: Sun, 24 Sep 2000 20:14:35 -0700 From: Dan Martinez <dfm@area.com> To: svlug@svlug.org Subject: Re: [svlug] mod_ssl vs. openssl Drew Bertola wrote: > Can anyone point out the pros and cons between mod_ssl and openssl? Apples and oranges. (Or, perhaps, apples and apple seeds.) OpenSSL is a general-purpose SSL/TLS toolkit, built upon the SSLeay library. It incorporates a Swiss-Army binary, openssl, capable of all sorts of useful cryptographic operations, including certificate-request creation and certificate signing. mod_ssl, on the other hand, is an Apache module giving Apache the ability to "understand" SSL -- i.e. to accept SSL connections from SSL-enabled browsers. It does not occupy the same ecological niche as OpenSSL, but rather builds upon it. Dan ===