You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Leonay Wynn <lw...@gmail.com> on 2016/03/25 17:23:43 UTC

[users@httpd] TLSv1.2

HI,

I'm running RHEL 5.3. I upgraded my httpd version to Apache 2.4.18.
configured with this: $ ./configure --prefix=/apps/httpd --enable-ssl
--with-mpm=worker --enable-module=headers --enable-shared=headers

All works well.

I also installed OpenSSL 1.0.2g . I replaced my system installed openssl
binary with the OpenSSL 1.0.2g.

I updated my httpd-ssl.conf with
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH
EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP
!PSK !SRP !DSS"
SSLProtocol All -SSLv2 -SSLv3 +TLSv1.2

when I try to start httpd it complains:

SSLProtocol: Illegal protocol 'TLSv1.2'

does anyone have a procedure to make this work or know what I'm doing
incorrectly?

thanks

Re: [users@httpd] TLSv1.2

Posted by Otis DeWitt <ot...@noaa.gov>.

Start with only TLSv1.0

As your compile of 2.4 may not support 1.2


Sent from my iPhone

> On Mar 25, 2016, at 12:23 PM, Leonay Wynn <lw...@gmail.com> wrote:
> 
> HI,
> 
> I'm running RHEL 5.3. I upgraded my httpd version to Apache 2.4.18. 
> configured with this: $ ./configure --prefix=/apps/httpd --enable-ssl --with-mpm=worker --enable-module=headers --enable-shared=headers
> 
> All works well.
> 
> I also installed OpenSSL 1.0.2g . I replaced my system installed openssl binary with the OpenSSL 1.0.2g.
> 
> I updated my httpd-ssl.conf with
> SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP
> !PSK !SRP !DSS"
> SSLProtocol All -SSLv2 -SSLv3 +TLSv1.2
> 
> when I try to start httpd it complains:
> 
> SSLProtocol: Illegal protocol 'TLSv1.2'
> 
> does anyone have a procedure to make this work or know what I'm doing incorrectly?
> 
> thanks

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] TLSv1.2

Posted by Yann Ylavic <yl...@gmail.com>.

On Tue, Mar 29, 2016 at 6:03 PM, Leonay Wynn <lw...@gmail.com> wrote:
> I have added ./configure --prefix=/apps/httpd --enable-ssl
> --with-ssl=/usr/local/ssl --with-mpm=worker --enable-module=headers
> --enable-shared=headers
>
> my mod_headers.so is not being generated with this. I tried to copy over the
> mod.so files i need to run my previous config from my old dir but the are
> not working. do you know how i would go about getting the needed
> mod_headers.so ? i only see mod_headers.a and mod_headers.la in the modules
> directory.

You could try --enable-headers=shared instead of
--enable-module=headers plus -enable-shared=headers.

Regards,
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] TLSv1.2

Posted by Leonay Wynn <lw...@gmail.com>.

I have added ./configure --prefix=/apps/httpd --enable-ssl
--with-ssl=/usr/local/ssl --with-mpm=worker --enable-module=headers
--enable-shared=headers

my mod_headers.so is not being generated with this. I tried to copy over
the mod.so files i need to run my previous config from my old dir but the
are not working. do you know how i would go about getting the needed
mod_headers.so ? i only see mod_headers.a and mod_headers.la in the modules
directory.
thx

On Sat, Mar 26, 2016 at 5:01 AM, Luca Toscano <to...@gmail.com>
wrote:

> Hi!
>
> 2016-03-25 17:23 GMT+01:00 Leonay Wynn <lw...@gmail.com>:
>
>> HI,
>>
>> I'm running RHEL 5.3. I upgraded my httpd version to Apache 2.4.18.
>> configured with this: $ ./configure --prefix=/apps/httpd --enable-ssl
>> --with-mpm=worker --enable-module=headers --enable-shared=headers
>>
>> All works well.
>>
>> I also installed OpenSSL 1.0.2g . I replaced my system installed openssl
>> binary with the OpenSSL 1.0.2g.
>>
>> I updated my httpd-ssl.conf with
>> SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
>> EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH
>> EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP
>> !PSK !SRP !DSS"
>> SSLProtocol All -SSLv2 -SSLv3 +TLSv1.2
>>
>> when I try to start httpd it complains:
>>
>> SSLProtocol: Illegal protocol 'TLSv1.2'
>>
>> does anyone have a procedure to make this work or know what I'm doing
>> incorrectly?
>>
>
> httpd is not picking up the new SSL lib (not binary), you could try with
> the configure option --with-ssl=DIR to instruct mod_ssl.
>
> Luca
>
>
>

Re: [users@httpd] TLSv1.2

Posted by Luca Toscano <to...@gmail.com>.

Hi!

2016-03-25 17:23 GMT+01:00 Leonay Wynn <lw...@gmail.com>:

> HI,
>
> I'm running RHEL 5.3. I upgraded my httpd version to Apache 2.4.18.
> configured with this: $ ./configure --prefix=/apps/httpd --enable-ssl
> --with-mpm=worker --enable-module=headers --enable-shared=headers
>
> All works well.
>
> I also installed OpenSSL 1.0.2g . I replaced my system installed openssl
> binary with the OpenSSL 1.0.2g.
>
> I updated my httpd-ssl.conf with
> SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
> EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH
> EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP
> !PSK !SRP !DSS"
> SSLProtocol All -SSLv2 -SSLv3 +TLSv1.2
>
> when I try to start httpd it complains:
>
> SSLProtocol: Illegal protocol 'TLSv1.2'
>
> does anyone have a procedure to make this work or know what I'm doing
> incorrectly?
>

httpd is not picking up the new SSL lib (not binary), you could try with
the configure option --with-ssl=DIR to instruct mod_ssl.

Luca