OpenSSL Or Mod SSL


interactive
03-17-03, 06:45 PM
Working on my panel. One of the last things I'm working on is SSL. Just wondering what you guys prefer, mod ssl or openssl?

keyweb
03-18-03, 06:18 AM
Probably a good thing that you asked. I just got bit big time when I moved my web sites to a dedicated server that had apache-mod_ssl installed by default (Red Hat 7.2 OS). I was running an older version of apache-mod_ssl on my previous servers running FreeBSD with no problem, so I did not expect any transition problems. After carefully checking everything out on the new servers, I moved the last of my web sites that required secure server for checkout (about 150). Almost immediately I started getting calls from my clients that they were getting errors going to the secure server, and that was just the tip of the iceberg since their customers are accessing their stores from all over the world.

It turns out that the current version of open_ssl and mod_ssl have a problem with a lot of Internet Explorer browsers, especially those in the version 5 range. Those browsers have a bug implementing the ssl properly. After I started having problems I did some web searching and found that it was a known problem, and there were some "fixes", but none of them worked. (Netscape works fine with mod_ssl though.)

Finally I compiled apache-ssl and started running it as the secure server, and all my problems disappeared immediately. I had several sleepless nights though figuring out how to solve the problem.

So the bottom line is to be careful with mod_ssl unless you can control which browsers are going to access it. In my case I have no control over the browsers since we are talking about many thousands of users daily from all over the world.

Hope that helps.
Bob

dynamicnet
03-18-03, 07:33 AM
Greetings:

If you look at http://www.modssl.org/example/, ModSSL goes over top of OpenSSL.

We've been using OpenSSL + ModSSL for several years now with no problems experienced by our customers; no browser problems.

Thank you.

keyweb
03-18-03, 07:57 AM
Yes, but are you using the current version of mod_ssl and OpenSSL? That is where the problem exists. I did not have any problems with my older version; that is why it caught me by surprise.

interactive
03-28-03, 04:51 PM
I've learned just to build apache from source, so I can set it up how I like it. Apache RPMs suck (IMHO).

keyweb
03-29-03, 03:14 AM
I hate RPMs also, most do not give you any choices, you do it our way :banghead:
After installing an rpm I have to go figure out where it installed, etc. Building a program like Apache from source allows a lot of control--I even have a version that I compile to run for admin purposes on a separate port with root privileges so that system tasks can be accomplished. Of course that is dangerous, and you have to take a lot of security precautions so that only a few selected people can run that particular web server. With that setup I design my own "control panel" with cgi scripting to accomplish a variety of tasks. That allows my partner and employees to perform tasks without having to know UNIX/Linux.