I’ve always used the Apache Webserver when creating SSL based websites. It seems like the Python HTTP Server library can handle SSL based services too, provided you have the certificates. I’m not as certain the Python webserver can provide services as secure and safe as Apache, but since I’m unable to find out more about the qualities of it, I’m wondering if I’m wasting my time trying to use it in my web2py framework.
What are the pros and cons of using the Python HTTP Server SSL vs Apache SSL in terms of security?
Note: I’m not concerned about performance and load bearing
Both Apache and Python are using the OpenSSL libraries, so from just this one very simple feature, they should be almost identical. (kind of a strange question… why are you not taking into consideration all of the other security implications of this change?)
That being said, HTTP daemons are pretty complex and the security of these HTTP daemons are widely different. Apache is sill run by the majority of websites and there for has the most hackers looking at it and by extension has had more vulnerabilities removed than probably any other HTTP daemon. Personally I wouldn’t use anything other than Apache for a security critical application.
By contrast Python’s HTTP server isn’t widely used has suffered from very silly vulnerabilities like forgetting to set a content-type which makes it nearly impossible to prevent XSS. There are probably more silly vulnerabilities in Python’s HTTP daemon yet to be discovered.