mod_ssl is an optional module for theApache HTTP Server. It provides strongcryptography for the Apache v1.3 and v2webserver via the Secure Sockets Layer (SSL v2/v3) andTransport Layer Security (TLS v1)cryptographic protocols by the help of the Open Source SSL/TLS toolkitOpenSSL.

The mod_ssl v1 package was initially created in April 1998 by Ralf S. Engelschall via porting Ben Laurie's Apache-SSL 1.17 source patches for Apache 1.2.6 to Apache 1.3b6.^[1] Because of conflicts with Ben Laurie's development cycle it then was re-assembled from scratch for Apache 1.3.0 by merging the old mod_ssl 1.x with the newer Apache-SSL 1.18. From this point on mod_ssl lived its own life as mod_ssl v2.

The first publicly released version was mod_ssl 2.0.0 from August 10, 1998. After US export restrictions on cryptographic software were loosened, mod_ssl became part of the Apache HTTP Server with the release of Apache httpd 2.^[2] As of October 10, 2009, the latest version released for mod_ssl in Apache 1.3 is mod_ssl v2.8.31-1.3.41 on February 8, 2008.^[3]

The original version created for Apache v1.3 was initially created in April 1998 by Ralf S. Engelschall via porting Ben Laurie'sApache-SSL 1.17 source patches for Apache 1.2.6 to Apache 1.3b6.^[1] This version is under aBSD-style license. The version for v2.0 and later, in contrast, is maintained byApache Software Foundation and licensed underApache License 2.0.

It is possible to provideHTTP andHTTPS with a single server machine, because HTTP and HTTPS use different server ports, so there is no direct conflict between them. It is either the maintainer who would run two separate Apache server instances (one binds to port 80, the other to port 443) or use Apache'svirtual hosting facility where the maintainer can create two virtual servers which Apache dispatches: one responding to port 80 and speaking HTTP and one responding to port 443 speaking HTTPS.

The original mod_ssl in Apache 1.3 available atwww.modssl.org is a third-party add-on package requiring additional steps in the compilation and configuration process. Also, the maintainer of the server needs to resolve additional system and Apache dependencies. Apache 2, in contrast, is a built-in module maintained byApache Software Foundation, and mod_ssl can be easily activated in the compilation and configuration options.^[4]

• List of Apache Modules

• Official mod_ssl website
• SSL Certificate Monitoring
• Current mod_ssl documentation
• Business Logic Security Testing (BLST)

• Web server software
• Apache httpd modules
• Transport Layer Security

• Articles with underscores in the title