httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jeffmonte101 ." <jeffmonte...@gmail.com>
Subject Re: [users@httpd] Apache Web Server rpm(2.2.x) for Linux OS to support TLSv1.2
Date Sun, 23 Aug 2015 06:03:03 GMT
Hey Mohan,

You may want to take a look into this link.

http://blog.ivanristic.com/2013/08/compiling-apache-with-static-openssl.html

The above link shows how to do that.



On Friday, August 14, 2015, Mohanavelu Subramanian <mhnvelu@gmail.com>
wrote:

> Hi Daniel,
>
> Thanks a lot for the reply.
>
> I have downloaded the apache 2.2.31 source code and tried compiling it.
> But I end up getting many dependency issues. Also I searched on internet
> for those dependencies and I could not get.
>
> Could you please provide me some more details how to successfully generate
> the rpm with source code and its dependencies eg- Any reference or
> guidelines I can follow.
>
> Thanks & Regards,
> Mohan
>
>
>
> On Wed, Aug 12, 2015 at 1:21 AM, Daniel <dferradal@gmail.com
> <javascript:_e(%7B%7D,'cvml','dferradal@gmail.com');>> wrote:
>
>> you need to compile Apache over the new version of openssl libraries in
>> order for Apache HTTPd to correctly use the openssl version you want to use.
>>
>> Apache will allow you to use tlsv1.2 when the openssl version it was
>> compiled against supports it.
>>
>> 2015-08-11 21:01 GMT+02:00 Mohanavelu Subramanian <mhnvelu@gmail.com
>> <javascript:_e(%7B%7D,'cvml','mhnvelu@gmail.com');>>:
>>
>>> Hi All,
>>>
>>> Good Morning.
>>>
>>> I am to new Apache Users mailing list. I have described the issue I am
>>> facing to support TLSv1.2
>>>
>>> Currently, our product use Apache 2.2.12 provided by SLES 11sp3.
>>> We are doing a securing hardening now by enabling only TLSv1.2 protocol
>>> and disabling other protocols. I tried to configure "SSLProtocol  TLSv1.2".
>>> But after apache restart, it throws an error "invalid protocol". I came to
>>> know that mod_ssl refers openssl 0.9.8 version, though we have latest
>>> openssl 1.0.1(which supports TLSv1.2). The mod_ssl loads openssl0.9.8
>>> always.
>>>
>>> It seems the latest Apache version 2.4.x supports TLSv1.2. But this
>>> apache version is available in SLES 12 only which wont be available for us
>>> for another 6 months.So, we dropped this option.
>>>
>>> So, the procurement team advised us to use mod_nss which can support
>>> TLSv1.2 with Apache 2.2.12. We started the migration from mod_ssl to
>>> mod_nss and everything went well, but the directive "SSLVerifyClient
>>> optional_no_ca" is not available with mod_nss. It provides only
>>> none,optional,require.So, we are blocked on this and could not migrate to
>>> mod_nss.
>>> Can you please suggest how to overcome this issue.
>>>
>>> Now, we are looking for Apache rpm (2.2.x) and its dependency rpms which
>>> supports TLSv1.2 on Linux. I googled and could not find the rpms for Linux
>>> but only source code available to compile. I tried compiling it but I got
>>> lot of dependency issues for which I could not get dependent rpms from net.
>>> Also I could not find docs to guide how to compile and install.
>>>
>>> Could you please share your inputs or solutions on this issue if you had
>>> encountered before.
>>>
>>> Thanks in Advance.
>>>
>>> Regards,
>>> Mohan
>>>
>>
>>
>>
>> --
>> *Daniel Ferradal*
>> IT Specialist
>>
>> email         dferradal at gmail.com
>> linkedin     es.linkedin.com/in/danielferradal
>>
>
>

Mime
View raw message