Discussion:
tcnative-1.dll on windows environment questions
Derrick Koes
2009-06-09 17:43:10 UTC
The IRI http://tomcat.apache.org/tomcat-5.5-doc/apr.html has the
information quoted below about the tcnative-1.dll.



"Windows binaries are provided for tcnative-1, which is a statically
compiled .dll which includes OpenSSL and APR. It can be downloaded from
here <http://tomcat.heanet.ie/native/> as 32bit or AMD x86-64 binaries.
In security conscious production environments, it is recommended to use
separate shared dlls for OpenSSL, APR, and libtcnative-1, and update
them as needed according to security bulletins. Windows OpenSSL binaries
are linked from the Official OpenSSL website <http://www.openssl.org>
(see related/binaries)."



Why would I be concerned security-wise, to use separate dll files?

Can I get the separate, compatible binaries for libtcnative and APR?



Thanks,

Derrick
Mark Thomas
2009-06-09 18:44:54 UTC
Post by Derrick Koes
The IRI http://tomcat.apache.org/tomcat-5.5-doc/apr.html has the
information quoted below about the tcnative-1.dll.
"Windows binaries are provided for tcnative-1, which is a statically
compiled .dll which includes OpenSSL and APR. It can be downloaded from
here <http://tomcat.heanet.ie/native/> as 32bit or AMD x86-64 binaries.
In security conscious production environments, it is recommended to use
separate shared dlls for OpenSSL, APR, and libtcnative-1, and update
them as needed according to security bulletins. Windows OpenSSL binaries
are linked from the Official OpenSSL website <http://www.openssl.org>
(see related/binaries)."
Why would I be concerned security-wise, to use separate dll files?

As it says, so you can update them if a security vulnerability is
announced in one of the dlls without having to wait for the ASF to
provide you with a new static dll.

Mark
Post by Derrick Koes
Can I get the separate, compatible binaries for libtcnative and APR?

I think you'd need to compile tcnative yourself. APR is almost certainly
available.

Mark
Mladen Turk
2009-06-09 19:05:31 UTC
Post by Derrick Koes
The IRI http://tomcat.apache.org/tomcat-5.5-doc/apr.html has the
information quoted below about the tcnative-1.dll.
"Windows binaries are provided for tcnative-1, which is a statically
compiled .dll which includes OpenSSL and APR. It can be downloaded from
here <http://tomcat.heanet.ie/native/> as 32bit or AMD x86-64 binaries.
In security conscious production environments, it is recommended to use
separate shared dlls for OpenSSL, APR, and libtcnative-1, and update
them as needed according to security bulletins. Windows OpenSSL binaries
are linked from the Official OpenSSL website <http://www.openssl.org>
(see related/binaries)."

This page is a bit outdated. The ASF made an agreement with the US government
( http://www.apache.org/dev/crypto.html ),
so we can ship the binaries from our site, and we have done so since version
1.1.13, so for more recent versions use

http://tomcat.apache.org/download-native.cgi


Regards
--
^(TM)