Lasso 9.2.6 / Apache 2.4

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Lasso 9.2.6 / Apache 2.4

Rick Draper-2
Hi,

Has anyone played with Lasso 9.2.* and Apache 2.4?  Is there any reason not consider this?  What would be involved in getting them to play nicely together?

Our main reason for looking at this is the following module changes in Apache:

* mod_ssl can now be configured to use an OCSP server to check the validation status of a client certificate. The default responder is configurable, along with the decision on whether to prefer the responder designated in the client certificate itself.
* mod_ssl now also supports OCSP stapling, where the server pro-actively obtains an OCSP verification of its certificate and transmits that to the client during the handshake.
* mod_ssl can now be configured to share SSL Session data between servers through memcached

Thanks and very best regards,

Rick



#############################################################

Attend the Lasso Developer Conference 2013!
Sept 12-14, 2013 in Niagara Falls, Canada
http://www.lassosoft.com/LDC-niagara-falls-2013

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Lasso 9.2.6 / Apache 2.4

Brad Lindsay
On 6/23/13, 9:01 PM, Rick Draper wrote:
> Has anyone played with Lasso 9.2.* and Apache 2.4?  Is there any reason not consider this?  What would be involved in getting them to play nicely together?

The main reason not to consider this is that the lasso apache connector
will probably need a recompile to work with 2.4. LassoSoft provides the
code in the SVN, so it might be just a simple compile against the 2.4
libraries.

Of course, you could just setup and use Lasso with FastCGI - no custom
connector needed. I don't know how to get instance manager with this
setup, but manually configuring instances isn't that hard.

All that said, if you go this route right now, you may not be able to
get support from LassoSoft as I don't believe they currently support
running Lasso with Apache 2.4.


HTH,
Brad

#############################################################

Attend the Lasso Developer Conference 2013!
Sept 12-14, 2013 in Niagara Falls, Canada
http://www.lassosoft.com/LDC-niagara-falls-2013

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Lasso 9.2.6 / Apache 2.4

Jolle Carlestam-3
24 jun 2013 kl. 05:54 skrev "Brad Lindsay" <[hidden email]>:

>
> All that said, if you go this route right now, you may not be able to get support from LassoSoft as I don't believe they currently support running Lasso with Apache 2.4.

Given that the first word of the Lasso 9 tag line is "Security" they should sure be interested.

HDB
Jolle

Sent from a thin, flat, touchy device from an undetermined place in space.

#############################################################

Attend the Lasso Developer Conference 2013!
Sept 12-14, 2013 in Niagara Falls, Canada
http://www.lassosoft.com/LDC-niagara-falls-2013

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Lasso 9.2.6 / Apache 2.4

stevepiercy
In reply to this post by Rick Draper-2
Under the System Requirements tab on this page:
http://www.lassosoft.com/Lasso-9-Server

It requires Apache 2.  No mention of Apache 2.4 or any other 2.x
specific version.  Nonetheless, as Brad noted, there ought to be
a footnote about compiling the connector and Apache itself on
your OS.

Furthermore, check the version of Apache supported by your OS.  
AFAIK, Apache 2.4 is not part of any RHEL/CentOS version yet and
requires that the developer compile it from source.

--steve


On 6/24/13 at 11:01 AM, [hidden email] (Rick
Draper) pronounced:

>Hi,
>
>Has anyone played with Lasso 9.2.* and Apache 2.4?  Is there
>any reason not consider this?  What would be involved in
>getting them to play nicely together?
>
>Our main reason for looking at this is the following module changes in Apache:
>
>* mod_ssl can now be configured to use an OCSP server to check
>the validation status of a client certificate. The default
>responder is configurable, along with the decision on whether
>to prefer the responder designated in the client certificate itself.
>* mod_ssl now also supports OCSP stapling, where the server
>pro-actively obtains an OCSP verification of its certificate
>and transmits that to the client during the handshake.
>* mod_ssl can now be configured to share SSL Session data
>between servers through memcached
>
>Thanks and very best regards,
>
>Rick
>
>
>
>#############################################################
>
>Attend the Lasso Developer Conference 2013!
>Sept 12-14, 2013 in Niagara Falls, Canada
>http://www.lassosoft.com/LDC-niagara-falls-2013
>
>#############################################################
>This message is sent to you because you are subscribed to
>the mailing list Lasso
>[hidden email]
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
Steve Piercy               Web Site Builder              
Soquel, CA
<[hidden email]>                  <http://www.StevePiercy.com/>


#############################################################

Attend the Lasso Developer Conference 2013!
Sept 12-14, 2013 in Niagara Falls, Canada
http://www.lassosoft.com/LDC-niagara-falls-2013

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Lasso 9.2.6 / Apache 2.4

Rachel Guthrie
We have noted that the change required to run Apache 2.4 from looking at the change notes http://mac.softpedia.com/progChangelog/Apache-Changelog-18991.html   
is to rename remote_ip to client_ip

The remote_ip is used in the LassoConnector file twice, just change each to the client_ip as stated above and this makes it useable.

We have not officially completed testing or incorporated it in a supported release, however we do know one client is operation on this.

Cheers

Rachel Guthrie
Manager, LassoSoft Inc


On 2013-06-24, at 12:54 AM, Steve Piercy - Web Site Builder wrote:

> Under the System Requirements tab on this page:
> http://www.lassosoft.com/Lasso-9-Server
>
> It requires Apache 2.  No mention of Apache 2.4 or any other 2.x specific version.  Nonetheless, as Brad noted, there ought to be a footnote about compiling the connector and Apache itself on your OS.
>
> Furthermore, check the version of Apache supported by your OS.  AFAIK, Apache 2.4 is not part of any RHEL/CentOS version yet and requires that the developer compile it from source.
>
> --steve
>
>
> On 6/24/13 at 11:01 AM, [hidden email] (Rick Draper) pronounced:
>
>> Hi,
>>
>> Has anyone played with Lasso 9.2.* and Apache 2.4?  Is there any reason not consider this?  What would be involved in getting them to play nicely together?
>>
>> Our main reason for looking at this is the following module changes in Apache:
>>
>> * mod_ssl can now be configured to use an OCSP server to check the validation status of a client certificate. The default responder is configurable, along with the decision on whether to prefer the responder designated in the client certificate itself.
>> * mod_ssl now also supports OCSP stapling, where the server pro-actively obtains an OCSP verification of its certificate and transmits that to the client during the handshake.
>> * mod_ssl can now be configured to share SSL Session data between servers through memcached
>>
>> Thanks and very best regards,
>>
>> Rick
>>
>>
>>
>> #############################################################
>>
>> Attend the Lasso Developer Conference 2013!
>> Sept 12-14, 2013 in Niagara Falls, Canada
>> http://www.lassosoft.com/LDC-niagara-falls-2013
>>
>> #############################################################
>> This message is sent to you because you are subscribed to
>> the mailing list Lasso
>> [hidden email]
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy               Web Site Builder               Soquel, CA
> <[hidden email]>                  <http://www.StevePiercy.com/>
>
>
> #############################################################
>
> Attend the Lasso Developer Conference 2013!
> Sept 12-14, 2013 in Niagara Falls, Canada
> http://www.lassosoft.com/LDC-niagara-falls-2013
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list Lasso
> [hidden email]
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>


#############################################################

Attend the Lasso Developer Conference 2013!
Sept 12-14, 2013 in Niagara Falls, Canada
http://www.lassosoft.com/LDC-niagara-falls-2013

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

RE: Lasso 9.2.6 / Apache 2.4

Rick Draper-2
> We have not officially completed testing or incorporated it in a supported release, however we do know one client is operation on this.
> Rachel Guthrie

Thanks, Rachel and Brad and Steve.

The requirement to have easily manageable client certificate revocation is not immediate, but may arise soon dependent on a client's direction.  We'll hold off doing anything until things firm up a little more, but it's good to know that it is doable.

Very best regards,

Rick



#############################################################

Attend the Lasso Developer Conference 2013!
Sept 12-14, 2013 in Niagara Falls, Canada
http://www.lassosoft.com/LDC-niagara-falls-2013

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>