IHS and OpenSSL

Technote (FAQ)


Question

How is IBM® HTTP Server (IHS) related to Open SSL?

Answer

On Apache HTTP Server, the SSL functionality is achieved using the module "mod_ssl" which is part of Open SSL. Even though the IBM HTTP Server is based on Apache, it does not use "mod_ssl" for SSL, but rather ships it's own Gskit implementation which interfaces with a module named "mod_ibm_ssl".

Furthermore, OpenSSL (mod_ssl) is not supported as a module within the IBM HTTP Server.

Vulnerabilities which are reported against OpenSSL do not apply to the IBM HTTP Server. For any relevant security issues with IHS, users are encouraged to apply the latest IBM HTTP Server fix pack levels to ensure the web server is patched with latest security fixes.


Display of included vulnerability fixes

The -V option of the httpd.exe command (Windows®) or the apachectl command (UNIX® and Linux®) will list the CVE ids of included vulnerability fixes. Example:

$ /opt/IHS602/bin/apachectl -V
Server version: IBM_HTTP_Server/6.0.2.9 Apache/2.0.47
Server built:   Feb 28 2006 17:44:21
Build level:    IHS60/web_IHS0609.04
Server's Module Magic Number: 20020903:4
Architecture:   32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/worker"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/opt/IBMIHS"
-D SUEXEC_BIN="/opt/IBMIHS/bin/suexec"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Apache vulnerability fixes included:
 CVE-2002-1156  CVE-2002-0840  CVE-2003-0132  CVE-2003-0134
 CVE-2003-0189  CVE-2003-0245  CVE-2003-0254  CVE-2003-0253
 CVE-2003-0192  CVE-2003-0789  CVE-2003-0542  CVE-2004-0174
 CVE-2004-0493  CVE-2004-0747  CVE-2004-0786  CVE-2004-0809
 CVE-2004-0942  CVE-2003-0020  CVE-2005-2088  CVE-2005-2728
 CVE-2005-2491  CVE-2005-2970  CVE-2005-3352

This list does not necessarily include vulnerabilities which do not apply to IBM HTTP Server on any platform, such as mod_ssl vulnerabilities. It does not necessarily include vulnerabilities already fixed in the base level of Apache included in IBM HTTP Server.


Related information

Open SSL
IBM HTTP Server Support

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM HTTP Server
SSL

Software version:

2.0, 6.0, 6.1, 7.0

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows

Software edition:

Edition Independent

Reference #:

1383959

Modified date:

2013-03-21

Translate my page

Machine Translation

Content navigation