httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mohanavelu Subramanian <mhnv...@gmail.com>
Subject Re: [users@httpd] Apache Web Server rpm(2.2.x) for Linux OS to support TLSv1.2
Date Fri, 14 Aug 2015 11:28:04 GMT
Hi Daniel,

Thanks a lot for the reply.

I have downloaded the apache 2.2.31 source code and tried compiling it. But
I end up getting many dependency issues. Also I searched on internet for
those dependencies and I could not get.

Could you please provide me some more details how to successfully generate
the rpm with source code and its dependencies eg- Any reference or
guidelines I can follow.

Thanks & Regards,
Mohan



On Wed, Aug 12, 2015 at 1:21 AM, Daniel <dferradal@gmail.com> wrote:

> you need to compile Apache over the new version of openssl libraries in
> order for Apache HTTPd to correctly use the openssl version you want to use.
>
> Apache will allow you to use tlsv1.2 when the openssl version it was
> compiled against supports it.
>
> 2015-08-11 21:01 GMT+02:00 Mohanavelu Subramanian <mhnvelu@gmail.com>:
>
>> Hi All,
>>
>> Good Morning.
>>
>> I am to new Apache Users mailing list. I have described the issue I am
>> facing to support TLSv1.2
>>
>> Currently, our product use Apache 2.2.12 provided by SLES 11sp3.
>> We are doing a securing hardening now by enabling only TLSv1.2 protocol
>> and disabling other protocols. I tried to configure "SSLProtocol  TLSv1.2".
>> But after apache restart, it throws an error "invalid protocol". I came to
>> know that mod_ssl refers openssl 0.9.8 version, though we have latest
>> openssl 1.0.1(which supports TLSv1.2). The mod_ssl loads openssl0.9.8
>> always.
>>
>> It seems the latest Apache version 2.4.x supports TLSv1.2. But this
>> apache version is available in SLES 12 only which wont be available for us
>> for another 6 months.So, we dropped this option.
>>
>> So, the procurement team advised us to use mod_nss which can support
>> TLSv1.2 with Apache 2.2.12. We started the migration from mod_ssl to
>> mod_nss and everything went well, but the directive "SSLVerifyClient
>> optional_no_ca" is not available with mod_nss. It provides only
>> none,optional,require.So, we are blocked on this and could not migrate to
>> mod_nss.
>> Can you please suggest how to overcome this issue.
>>
>> Now, we are looking for Apache rpm (2.2.x) and its dependency rpms which
>> supports TLSv1.2 on Linux. I googled and could not find the rpms for Linux
>> but only source code available to compile. I tried compiling it but I got
>> lot of dependency issues for which I could not get dependent rpms from net.
>> Also I could not find docs to guide how to compile and install.
>>
>> Could you please share your inputs or solutions on this issue if you had
>> encountered before.
>>
>> Thanks in Advance.
>>
>> Regards,
>> Mohan
>>
>
>
>
> --
> *Daniel Ferradal*
> IT Specialist
>
> email         dferradal at gmail.com
> linkedin     es.linkedin.com/in/danielferradal
>

Mime
View raw message