Derrick Koes wrote: > The IRI http://tomcat.apache.org/tomcat-5.5-doc/apr.html has the > information quoted below about the tcnative-1.dll. > > > > "Windows binaries are provided for tcnative-1, which is a statically > compiled .dll which includes OpenSSL and APR. It can be downloaded from > here <http://tomcat.heanet.ie/native/> as 32bit or AMD x86-64 binaries. > In security conscious production environments, it is recommended to use > separate shared dlls for OpenSSL, APR, and libtcnative-1, and update > them as needed according to security bulletins. Windows OpenSSL binaries > are linked from the Official OpenSSL website <http://www.openssl.org> > (see related/binaries)." > > > > Why would I be concerned security-wise, to use separate dll files?
As it says, so you can update them if a security vulnerability is announced in one of the ddls without having to wait for the ASF to provide you with a new static dll. Mark > Can I get the separate, compatible binaries for libtcnative and APR? I think you'd need to compile tcnative yourself. APR is almost certainly available. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
