httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mohanavelu Subramanian <mhnv...@gmail.com>
Subject Re: [users@httpd] Apache Web Server rpm(2.2.x) for Linux OS to support TLSv1.2
Date Thu, 27 Aug 2015 18:19:47 GMT
Hi Jeff,

I have followed the steps from the link.

1. ./configure --enable-so  --with-included-apr -enable-ssl
--with-ssl=/usr/share/doc/packages/openssl1

   it was successful.

2. I want to build an rpm. So i tried this using the httpd.spec file
shipped in apache2.2.31

 rpmbuild -tb httpd-2.2.31.tar.bz2
error: Failed build dependencies:
        apr-devel is needed by httpd-2.2.31-1.x86_64
        apr-util-devel is needed by httpd-2.2.31-1.x86_64
        openldap-devel is needed by httpd-2.2.31-1.x86_64
        db4-devel is needed by httpd-2.2.31-1.x86_64
        expat-devel is needed by httpd-2.2.31-1.x86_64
        pkgconfig is needed by httpd-2.2.31-1.x86_64

It seems it requires the above rpms for build to be successful. I could
find  apr-devel and apr-util-devel rpms in the internet.

Can you please help me in getting the remaining rpms.

Since yum tool is not installed on our Linux box, I could not download the
tools required for the build.

I followed link below as well.

http://www.erikwebb.net/blog/compile-and-install-apache-24-red-hat-enterprise-linux-rhel-6-or-centos-6/

Also, do I need to make any changes to the httpd.spec file ? Can someone
provide me the procedures to be followed for building a rpm for apache
version 2.2.31

Thanks & Regards,
Mohan


On Sun, Aug 23, 2015 at 12:51 PM, Mohanavelu Subramanian <mhnvelu@gmail.com>
wrote:

> Hi Jeff,
>
> Thanks a lot and I try to compile as per the link.
>
> Regards,
> Mohan
>
> On Sun, Aug 23, 2015 at 11:33 AM, jeffmonte101 . <jeffmonte101@gmail.com>
> wrote:
>
>> Hey Mohan,
>>
>> You may want to take a look into this link.
>>
>>
>> http://blog.ivanristic.com/2013/08/compiling-apache-with-static-openssl.html
>>
>> The above link shows how to do that.
>>
>>
>>
>> On Friday, August 14, 2015, Mohanavelu Subramanian <mhnvelu@gmail.com>
>> wrote:
>>
>>> Hi Daniel,
>>>
>>> Thanks a lot for the reply.
>>>
>>> I have downloaded the apache 2.2.31 source code and tried compiling it.
>>> But I end up getting many dependency issues. Also I searched on internet
>>> for those dependencies and I could not get.
>>>
>>> Could you please provide me some more details how to successfully
>>> generate the rpm with source code and its dependencies eg- Any reference or
>>> guidelines I can follow.
>>>
>>> Thanks & Regards,
>>> Mohan
>>>
>>>
>>>
>>> On Wed, Aug 12, 2015 at 1:21 AM, Daniel <dferradal@gmail.com> wrote:
>>>
>>>> you need to compile Apache over the new version of openssl libraries in
>>>> order for Apache HTTPd to correctly use the openssl version you want to use.
>>>>
>>>> Apache will allow you to use tlsv1.2 when the openssl version it was
>>>> compiled against supports it.
>>>>
>>>> 2015-08-11 21:01 GMT+02:00 Mohanavelu Subramanian <mhnvelu@gmail.com>:
>>>>
>>>>> Hi All,
>>>>>
>>>>> Good Morning.
>>>>>
>>>>> I am to new Apache Users mailing list. I have described the issue I am
>>>>> facing to support TLSv1.2
>>>>>
>>>>> Currently, our product use Apache 2.2.12 provided by SLES 11sp3.
>>>>> We are doing a securing hardening now by enabling only TLSv1.2
>>>>> protocol and disabling other protocols. I tried to configure "SSLProtocol
>>>>>  TLSv1.2". But after apache restart, it throws an error "invalid protocol".
>>>>> I came to know that mod_ssl refers openssl 0.9.8 version, though we have
>>>>> latest openssl 1.0.1(which supports TLSv1.2). The mod_ssl loads
>>>>> openssl0.9.8 always.
>>>>>
>>>>> It seems the latest Apache version 2.4.x supports TLSv1.2. But this
>>>>> apache version is available in SLES 12 only which wont be available for
us
>>>>> for another 6 months.So, we dropped this option.
>>>>>
>>>>> So, the procurement team advised us to use mod_nss which can support
>>>>> TLSv1.2 with Apache 2.2.12. We started the migration from mod_ssl to
>>>>> mod_nss and everything went well, but the directive "SSLVerifyClient
>>>>> optional_no_ca" is not available with mod_nss. It provides only
>>>>> none,optional,require.So, we are blocked on this and could not migrate
to
>>>>> mod_nss.
>>>>> Can you please suggest how to overcome this issue.
>>>>>
>>>>> Now, we are looking for Apache rpm (2.2.x) and its dependency rpms
>>>>> which supports TLSv1.2 on Linux. I googled and could not find the rpms
for
>>>>> Linux but only source code available to compile. I tried compiling it
but I
>>>>> got lot of dependency issues for which I could not get dependent rpms
from
>>>>> net. Also I could not find docs to guide how to compile and install.
>>>>>
>>>>> Could you please share your inputs or solutions on this issue if you
>>>>> had encountered before.
>>>>>
>>>>> Thanks in Advance.
>>>>>
>>>>> Regards,
>>>>> Mohan
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Daniel Ferradal*
>>>> IT Specialist
>>>>
>>>> email         dferradal at gmail.com
>>>> linkedin     es.linkedin.com/in/danielferradal
>>>>
>>>
>>>
>

Mime
View raw message