httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mohanavelu Subramanian <mhnv...@gmail.com>
Subject Re: [users@httpd] Apache Web Server rpm(2.2.x) for Linux OS to support TLSv1.2
Date Sun, 23 Aug 2015 07:21:45 GMT
Hi Jeff,

Thanks a lot and I try to compile as per the link.

Regards,
Mohan

On Sun, Aug 23, 2015 at 11:33 AM, jeffmonte101 . <jeffmonte101@gmail.com>
wrote:

> Hey Mohan,
>
> You may want to take a look into this link.
>
>
> http://blog.ivanristic.com/2013/08/compiling-apache-with-static-openssl.html
>
> The above link shows how to do that.
>
>
>
> On Friday, August 14, 2015, Mohanavelu Subramanian <mhnvelu@gmail.com>
> wrote:
>
>> Hi Daniel,
>>
>> Thanks a lot for the reply.
>>
>> I have downloaded the apache 2.2.31 source code and tried compiling it.
>> But I end up getting many dependency issues. Also I searched on internet
>> for those dependencies and I could not get.
>>
>> Could you please provide me some more details how to successfully
>> generate the rpm with source code and its dependencies eg- Any reference or
>> guidelines I can follow.
>>
>> Thanks & Regards,
>> Mohan
>>
>>
>>
>> On Wed, Aug 12, 2015 at 1:21 AM, Daniel <dferradal@gmail.com> wrote:
>>
>>> you need to compile Apache over the new version of openssl libraries in
>>> order for Apache HTTPd to correctly use the openssl version you want to use.
>>>
>>> Apache will allow you to use tlsv1.2 when the openssl version it was
>>> compiled against supports it.
>>>
>>> 2015-08-11 21:01 GMT+02:00 Mohanavelu Subramanian <mhnvelu@gmail.com>:
>>>
>>>> Hi All,
>>>>
>>>> Good Morning.
>>>>
>>>> I am to new Apache Users mailing list. I have described the issue I am
>>>> facing to support TLSv1.2
>>>>
>>>> Currently, our product use Apache 2.2.12 provided by SLES 11sp3.
>>>> We are doing a securing hardening now by enabling only TLSv1.2 protocol
>>>> and disabling other protocols. I tried to configure "SSLProtocol  TLSv1.2".
>>>> But after apache restart, it throws an error "invalid protocol". I came to
>>>> know that mod_ssl refers openssl 0.9.8 version, though we have latest
>>>> openssl 1.0.1(which supports TLSv1.2). The mod_ssl loads openssl0.9.8
>>>> always.
>>>>
>>>> It seems the latest Apache version 2.4.x supports TLSv1.2. But this
>>>> apache version is available in SLES 12 only which wont be available for us
>>>> for another 6 months.So, we dropped this option.
>>>>
>>>> So, the procurement team advised us to use mod_nss which can support
>>>> TLSv1.2 with Apache 2.2.12. We started the migration from mod_ssl to
>>>> mod_nss and everything went well, but the directive "SSLVerifyClient
>>>> optional_no_ca" is not available with mod_nss. It provides only
>>>> none,optional,require.So, we are blocked on this and could not migrate to
>>>> mod_nss.
>>>> Can you please suggest how to overcome this issue.
>>>>
>>>> Now, we are looking for Apache rpm (2.2.x) and its dependency rpms
>>>> which supports TLSv1.2 on Linux. I googled and could not find the rpms for
>>>> Linux but only source code available to compile. I tried compiling it but
I
>>>> got lot of dependency issues for which I could not get dependent rpms from
>>>> net. Also I could not find docs to guide how to compile and install.
>>>>
>>>> Could you please share your inputs or solutions on this issue if you
>>>> had encountered before.
>>>>
>>>> Thanks in Advance.
>>>>
>>>> Regards,
>>>> Mohan
>>>>
>>>
>>>
>>>
>>> --
>>> *Daniel Ferradal*
>>> IT Specialist
>>>
>>> email         dferradal at gmail.com
>>> linkedin     es.linkedin.com/in/danielferradal
>>>
>>
>>

Mime
View raw message