Posted to users@httpd.apache.org by securenamefirst securenamelast <se...@gmail.com> on 2012/11/20 21:26:06 UTC

[users@httpd] does apache 2.2 or latest support TLS 1.1

Hi,
i'm confused!
i read as part of the features list for Apache 2.2
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
that
SSL_PROTOCOL string The SSL protocol version (SSLv2, SSLv3, TLSv1, TLSv1.1,
TLSv1.2)


however when i run the app using apache 2.2 i get following:
[Thu Nov 08 13:38:54 2012] [notice] Apache/2.2.10 (Unix) DAV/2
mod_ssl/2.2.10 OpenSSL/0.9.7d mod_jk/1.2.26 configured -- resuming normal
operations

meaning i'm using apache 2.2 but with openssl 0.9 which according to what i
read only supports up to TLSv1.0 and not above. to get TLS 1.1 apparently i
need open ssl 1.0.1.
https://community.qualys.com/thread/2013

problem 1 - does apache 2.2 or 2.4 support TLS 1.1 or not? - documentation
says it does via the mod ssl.

if yes then how do i get TLS1.1 working? i would appreciate some
direction, app only way is to recompile with openssl 1.0 and that 2.2 does
not support TLSv1.1,

thanks

Re: [users@httpd] does apache 2.2 or latest support TLS 1.1

Posted by Igor Cicimov <ic...@gmail.com>.
On Wed, Nov 21, 2012 at 9:22 AM, securenamefirst securenamelast <
securenamefirst@gmail.com> wrote:

> Thanks Igor,
> can i have 2 open ssl installations on same machine?
> i have apache 2.2 using open ssl 0.9 serving current application requests.
> i have requirement to transfer files over TLS1.1, hence need for open ssl
> 1.0.1.  seems an overkill to have a second webserver instance just to
> transfer files, but i see it as only solution.
>
> Files can be done via ftps using something like mina apache ftp server -
> probably same problem there too in terms of open SSL 0.9.
> On Tue, Nov 20, 2012 at 9:44 PM, Igor Cicimov <ic...@gmail.com> wrote:
>
>>  On Wed, Nov 21, 2012 at 7:26 AM, securenamefirst securenamelast <
>> securenamefirst@gmail.com> wrote:
>>
>>> Hi,
>>> i'm confused!
>>> i read as part of the features list for Apache 2.2
>>> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
>>> that
>>> SSL_PROTOCOL string The SSL protocol version (SSLv2, SSLv3, TLSv1,
>>> TLSv1.1, TLSv1.2)
>>>
>>>
>>> however when i run the app using apache 2.2 i get following:
>>> [Thu Nov 08 13:38:54 2012] [notice] Apache/2.2.10 (Unix) DAV/2
>>> mod_ssl/2.2.10 OpenSSL/0.9.7d mod_jk/1.2.26 configured -- resuming normal
>>> operations
>>>
>>> meaning i'm using apache 2.2 but with openssl 0.9 which according to
>>> what i read only supports up to TLSv1.0 and not above. to get TLS 1.1
>>> apparently i need open ssl 1.0.1.
>>> https://community.qualys.com/thread/2013
>>>
>>> problem 1 - does apache 2.2 or 2.4 support TLS 1.1 or not? -
>>> documentation says it does via the mod ssl.
>>>
>>> if yes then how do i get TLS1.1 working? i would appreciate some
>>> direction, app only way is to recompile with openssl 1.0 and that 2.2 does
>>> not support TLSv1.1,
>>>
>>> thanks
>>>
>>
>> Install open ssl 1.0.1 and recompile apache to use that one.
>>
>
>
Sure you can, this is how I compiled openssl on one redhat server a couple of
weeks ago:
$ ./config --prefix=/usr/local --openssldir=/usr/local/ssl enable-tlsext shared
$ sudo make && sudo make install

so you can use different --openssldir every time you compile a new version,
ie --openssldir=/usr/local/openssl-1.0.1c etc. and have several versions in
parallel.

Then compiled apache with the following command:

$ LDFLAGS=-L/usr/local/lib64 CPPFLAGS=-I/usr/local/include ./configure \
    --prefix=/usr/local/apache2 --with-mpm=worker --with-included-apr \
    --enable-info --enable-proxy --enable-proxy-connect --enable-proxy-ftp \
    --enable-proxy-http --enable-proxy-balancer --enable-rewrite \
    --enable-headers --enable-cache --enable-mem-cache --enable-disk-cache \
    --enable-expires --enable-mods-shared=all --enable-dav \
    --enable-deflate --enable-ssl=shared \
    --with-ssl=/usr/local/ssl

to point apache to the 1.0.1c openssl and use that one in runtime.
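
An added example, not part of the original thread: a small shell check that reads the OpenSSL version out of an httpd startup banner like the one quoted in the question and compares it with 1.0.1, the release the thread names as the minimum for TLS 1.1. The function names, the second banner and the `localhost:443` target are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read the OpenSSL version out of an
# httpd startup banner and compare it with 1.0.1, the release the thread
# names as the minimum for TLS 1.1.

# Print the OpenSSL version token from a banner line, e.g. "0.9.7d".
openssl_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*OpenSSL\/\([0-9][0-9.]*[a-z]*\).*/\1/p'
}

# Exit 0 if version $1 is >= 1.0.1, 1 if older, 2 if it cannot be parsed.
supports_tls11() {
    v=$(printf '%s' "$1" | sed 's/[a-z]*$//')   # drop patch letter: 1.0.1c -> 1.0.1
    case "$v" in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $v                                   # split into major minor patch
    IFS=$old_ifs
    [ $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} )) -ge 10001 ] || return 1
}

# Print one verdict for a banner line.
classify_banner() {
    ver=$(openssl_from_banner "$1")
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    rc=0; supports_tls11 "$ver" || rc=$?
    case "$rc" in
        0) echo "OpenSSL $ver: TLS 1.1 possible" ;;
        1) echo "OpenSSL $ver: TLS 1.0 at most" ;;
        *) echo "unknown" ;;
    esac
}

# Banner quoted in the thread, joined onto one line as it appears in error_log.
BANNER_OLD='[Thu Nov 08 13:38:54 2012] [notice] Apache/2.2.10 (Unix) DAV/2 mod_ssl/2.2.10 OpenSSL/0.9.7d mod_jk/1.2.26 configured -- resuming normal operations'
# Constructed sample: the same banner with the version a rebuild would report.
BANNER_NEW='[notice] Apache/2.2.10 (Unix) DAV/2 mod_ssl/2.2.10 OpenSSL/1.0.1c mod_jk/1.2.26 configured -- resuming normal operations'

classify_banner "$BANNER_OLD"
classify_banner "$BANNER_NEW"

# On the rebuilt host, confirm what is actually loaded and negotiated
# (paths follow the --prefix values used in the message above):
#   ldd /usr/local/apache2/modules/mod_ssl.so | grep -E 'libssl|libcrypto'
#   /usr/local/bin/openssl s_client -connect localhost:443 -tls1_1 </dev/null
```

The `s_client` binary must itself come from the 1.0.1 build, since an older client does not know the `-tls1_1` option.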

Re: [users@httpd] does apache 2.2 or latest support TLS 1.1

Posted by securenamefirst securenamelast <se...@gmail.com>.
Thanks Igor,
can i have 2 open ssl installations on same machine?
i have apache 2.2 using open ssl 0.9 serving current application requests.
i have requirement to transfer files over TLS1.1, hence need for open ssl
1.0.1.  seems an overkill to have a second webserver instance just to
transfer files, but i see it as only solution.

Files can be done via ftps using something like mina apache ftp server -
probably same problem there too in terms of open SSL 0.9.
On Tue, Nov 20, 2012 at 9:44 PM, Igor Cicimov <ic...@gmail.com> wrote:

>  On Wed, Nov 21, 2012 at 7:26 AM, securenamefirst securenamelast <
> securenamefirst@gmail.com> wrote:
>
>> Hi,
>> i'm confused!
>> i read as part of the features list for Apache 2.2
>> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
>> that
>> SSL_PROTOCOL string The SSL protocol version (SSLv2, SSLv3, TLSv1,
>> TLSv1.1, TLSv1.2)
>>
>>
>> however when i run the app using apache 2.2 i get following:
>> [Thu Nov 08 13:38:54 2012] [notice] Apache/2.2.10 (Unix) DAV/2
>> mod_ssl/2.2.10 OpenSSL/0.9.7d mod_jk/1.2.26 configured -- resuming normal
>> operations
>>
>> meaning i'm using apache 2.2 but with openssl 0.9 which according to what
>> i read only supports up to TLSv1.0 and not above. to get TLS 1.1 apparently
>> i need open ssl 1.0.1.
>> https://community.qualys.com/thread/2013
>>
>> problem 1 - does apache 2.2 or 2.4 support TLS 1.1 or not? -
>> documentation says it does via the mod ssl.
>>
>> if yes then how do i get TLS1.1 working? i would appreciate some
>> direction, app only way is to recompile with openssl 1.0 and that 2.2 does
>> not support TLSv1.1,
>>
>> thanks
>>
>
> Install open ssl 1.0.1 and recompile apache to use that one.
>

Re: [users@httpd] does apache 2.2 or latest support TLS 1.1

Posted by Igor Cicimov <ic...@gmail.com>.
On Wed, Nov 21, 2012 at 7:26 AM, securenamefirst securenamelast <
securenamefirst@gmail.com> wrote:

> Hi,
> i'm confused!
> i read as part of the features list for Apache 2.2
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
> that
> SSL_PROTOCOL string The SSL protocol version (SSLv2, SSLv3, TLSv1,
> TLSv1.1, TLSv1.2)
>
>
> however when i run the app using apache 2.2 i get following:
> [Thu Nov 08 13:38:54 2012] [notice] Apache/2.2.10 (Unix) DAV/2
> mod_ssl/2.2.10 OpenSSL/0.9.7d mod_jk/1.2.26 configured -- resuming normal
> operations
>
> meaning i'm using apache 2.2 but with openssl 0.9 which according to what
> i read only supports up to TLSv1.0 and not above. to get TLS 1.1 apparently
> i need open ssl 1.0.1.
> https://community.qualys.com/thread/2013
>
> problem 1 - does apache 2.2 or 2.4 support TLS 1.1 or not? - documentation
> says it does via the mod ssl.
>
> if yes then how do i get TLS1.1 working? i would appreciate some
> direction, app only way is to recompile with openssl 1.0 and that 2.2 does
> not support TLSv1.1,
>
> thanks
>

Install open ssl 1.0.1 and recompile apache to use that one.