Forum OpenACS Q&A: AOLserver discontinues SSL + FTP?

Collapse
Posted by James Hill on
Hi!  This may be a dumb question, but does the fact that AOLserver
discontinued SSL in its current release affect the eCommerce module
of OpenACS?  Also, I found it interesting that they discontinued the
FTP module.
Collapse
Posted by Don Baccus on
There are SSL solutions available, I think there are threads here and if not there should be at opennsd.org (try searching for "SSL").
Collapse
Posted by guido van driel on
Don't know about ftp but nsssl can easily be replaced by nsopenssl. Pascal Scheffers made a nice little howto on aolserver and OpenSSL.
Collapse
Posted by Michael A. Cleverly on
AOL no longer is able (willing? I don't know which) to make pre-compiled binaries of nsssl.so (the 128-bit version) available, though nsssle.so (40-bit unencumbered by export restrictions) is still available.
Collapse
Posted by Rich Graves on
nsopenssl caveat:

For compatibility with Macs (for as yet undetermined reasons), you need to turn off SSLv3 with the nsd.ini directive Protocol=SSLv2 (.tcl set protocol "SSLv2").

Since SSLv2 has obscure but real security problems, anyone who speaks C is Strongly Encouraged to help Scott track down and kill this beast. All I can do is whine that it still doesn't work (though the workaround does fine).

The "official" nsssl doesn't even try to support SSLv3, so you won't do better by finding a "bootleg" copy. nsopenssl has been completely stable for us in SSLv2 mode.

Collapse
Posted by James Harris on
I thought that export restrictions on 128 bit SSL had been removed.  I know that IBM HTTP Server (IBM's version of Apache) is freely avabilable around the world in the 128 bit version.
Collapse
Posted by Michael A. Cleverly on
About two weeks ago http://listserv.aol.com/cgi-bin/wa?A2=ind0103&L=aolserver&P=17812 Kriston Rehberg posted to the AOLserver mailing list and said: "We are no longer able to distribute the nsssl.so module in any form. We do provide nsssle.so in the binary kits collection on aolserver.com but binaries are expressly unsupported by us."

No other explanation as to why... (typical 😊. This topic came up last week on the web/db forum and Kerry Kurasaki reported that nsssl.so builds cleanly if you get the 128-bit RSA libraries.

Collapse
Posted by Michael A. Cleverly on
As for the ftp module, I believe the last version that included it was AOLserver 2.3.3 which was released back in early 1999 or so.