httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: [users@httpd] Upgrading OpenSSL without upgrading Apache. Can it be done???
Date Tue, 24 Apr 2012 21:05:44 GMT
Great thanks for the info!

Where can I find out when will be bundling the latest version 
of OpenSSL with apache?  PCI compliance calls for using level "u" as of 

Brad Finkeldei

"William A. Rowe Jr." <> 
04/24/2012 03:49 PM
Please respond to


Re: [users@httpd] Upgrading OpenSSL without upgrading Apache.  Can it be 

On 4/24/2012 3:09 PM, TFML wrote:
> I'm assuming you're using some sort of Windows operating system.  I 
haven't done one in a
> few years, but I would assume the 1.0 version
> from should work like 
installing any other
> Windows Installer.  If someone else can't answer this, I'd suggest 
setting up a virtual
> environment and giving it a try before doing it on a production system.

Just as on unix, you can never drop in a x.y.n change with a new x value.
That's called a major bump and usually does not work.

OP could obtain a 0.9.8X flavor later than 0.9.8t and aught to be fine so 
as no special build options were changed, and it was built to run against
msvcrt.dll (the *system* c library).  It's the same quandry as on Ubuntu 
glibc vs eglibc packages.

If OP reviewed the patch release notes, they would be aware that an 
is unnecessary between 0.9.8t and 0.9.8w for anyone running httpd 2.2. The
new features in httpd 2.4 were vulnerable to issues there, however.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message