Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D917519186 for ; Sat, 26 Mar 2016 09:01:13 +0000 (UTC) Received: (qmail 44852 invoked by uid 500); 26 Mar 2016 09:01:11 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 44820 invoked by uid 500); 26 Mar 2016 09:01:11 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 44810 invoked by uid 99); 26 Mar 2016 09:01:11 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 26 Mar 2016 09:01:11 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id B9A42180518 for ; Sat, 26 Mar 2016 09:01:10 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.179 X-Spam-Level: * X-Spam-Status: No, score=1.179 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx2-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id CpPPeGF8GFmV for ; Sat, 26 Mar 2016 09:01:09 +0000 (UTC) Received: from mail-lf0-f46.google.com (mail-lf0-f46.google.com [209.85.215.46]) by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with ESMTPS id 6E5705F238 for ; Sat, 26 Mar 2016 09:01:09 +0000 (UTC) Received: by mail-lf0-f46.google.com with SMTP id e133so9171089lfe.3 for ; Sat, 26 Mar 2016 02:01:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=Je7bITYvsMpCSl5v2OhlcECaBvPE+qNkxceGHm7mXf4=; b=Ei9HqF6eQBlluaXW11Y2OP/gIryL+RDYtSggvE945+Pm4AVi/cp4GbuogVyvlrNHpc i9TmfJyDotVdlyaZgZiYCL6cRRWupWiXaK4jPVXUnUSe3R6jRkZPX8zlHs82Z1hAXKl6 2iW1pKrP4rl1cXKmhLX4Pt/SavXT7d/yO2KWyNhvMYbTjCcPZcVxdKOKAffKcMBlRvbX Wot+gVoOUiGGysTdiu7e+YeDiXCEkO6z6E6EtWJy1We+z590/tw1oYcs/m3AAlSSZMyw X9AelBEm0aWHppOWzlBlMCaYeyCYJHxqR4lOuYqSPZN8f7KypyzErhxYjh81dvmL0deZ mlFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to; bh=Je7bITYvsMpCSl5v2OhlcECaBvPE+qNkxceGHm7mXf4=; b=eXZd4KmHbW7sZS1OI5Rcp8pS4xSb3t1zSdLZoKB8PS2ndQs1EovVOlrUe+DlHZtJPw EEelSuI7AEkFf8mSVsTdV47rABuaWeNY4c4f1XecL7wqoxV74HC/ACTVAfszZm8RmQMn JzIirh0a5wm9WuEe5J4sDtif4O1N5REqHOPG5oOIalElBvkPFBvPUqa/6NZ1/xvOQ0Xq 34ORDIYnbWlsHVA0faKh/LEXFrkvq4shv1dVkyUyNgT5Z5HbJRs2nAdUGUwdRcHKGYuQ xzvCXBzGRachc4D7xy/FeNxZTSD/aru+dLG4fRMeRqbhWq84WI8uDwmxe/Dpy/u0viiX Bdcw== X-Gm-Message-State: AD7BkJJH1UJ1qOykDXhGaTEbOen6qwcqyFtV4alCumJJZHJe/4WxfPT0nsZ9/MuekNoxjiRFVL7d4X2lEmehGg== MIME-Version: 1.0 X-Received: by 10.25.40.81 with SMTP id o78mr5756623lfo.22.1458982867920; Sat, 26 Mar 2016 02:01:07 -0700 (PDT) Received: by 10.25.31.135 with HTTP; Sat, 26 Mar 2016 02:01:07 -0700 (PDT) In-Reply-To: References: Date: Sat, 26 Mar 2016 10:01:07 +0100 Message-ID: From: Luca Toscano To: users@httpd.apache.org Content-Type: multipart/alternative; boundary=001a11410bb6936c17052eefeb81 Subject: Re: [users@httpd] TLSv1.2 --001a11410bb6936c17052eefeb81 Content-Type: text/plain; charset=UTF-8 Hi! 2016-03-25 17:23 GMT+01:00 Leonay Wynn : > HI, > > I'm running RHEL 5.3. I upgraded my httpd version to Apache 2.4.18. > configured with this: $ ./configure --prefix=/apps/httpd --enable-ssl > --with-mpm=worker --enable-module=headers --enable-shared=headers > > All works well. > > I also installed OpenSSL 1.0.2g . I replaced my system installed openssl > binary with the OpenSSL 1.0.2g. > > I updated my httpd-ssl.conf with > SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 > EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH > EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP > !PSK !SRP !DSS" > SSLProtocol All -SSLv2 -SSLv3 +TLSv1.2 > > when I try to start httpd it complains: > > SSLProtocol: Illegal protocol 'TLSv1.2' > > does anyone have a procedure to make this work or know what I'm doing > incorrectly? > httpd is not picking up the new SSL lib (not binary), you could try with the configure option --with-ssl=DIR to instruct mod_ssl. Luca --001a11410bb6936c17052eefeb81 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi!

2016-03-25 17:23 GMT+01:00 Leonay Wynn <lwkj328@gmail.com>:
HI,

I'm running RHEL 5.3. I upgraded my httpd version to Apache 2.4.18.= =C2=A0
configured with this: $ ./configure --prefix=3D/apps/httpd= --enable-ssl --with-mpm=3Dworker --enable-module=3Dheaders --enable-shared= =3Dheaders

All works well.

I also installed OpenSSL 1.0.2g . I replaced my system installed openssl = binary with the OpenSSL 1.0.2g.

I updated my httpd= -ssl.conf with
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRS= A+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA= +SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EX= P
!PSK !SRP !DSS"
SSLProtocol All -SSLv2 -SSLv3 +TLSv1.2

when I try to start httpd it complains:

SSLProtocol: Illegal protocol 'TLSv1.2'

does anyone have a procedure to make this work or know what I'm d= oing incorrectly?

httpd is not = picking up the new SSL lib (not binary), you could try with the configure o= ption=C2=A0--with-ssl=3DDIR to instruct mod_ssl.

L= uca

=C2=A0
--001a11410bb6936c17052eefeb81--