You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Sailaja Gadireddy <sa...@gmail.com> on 2015/03/19 07:32:01 UTC
[users@httpd] How to enable TLSV1.1 or above on Apache
Hello Team,
Currently my Apache server supports SSLV2, V3, TLSV1.
The client requirement is to enalbe TLSV1.1 or above on the webserver.
Current Version of Apache: Apache V2.2.16
When I tried to Add SSLProtocol All TLSv1.1 TLSv1.2. Server has thrown the
error saying Illegal Protocol.
Please do let me know the steps for enabling TLSV1.1 or above.
Thanks & Regards,
Sailaja.
Re: [users@httpd] How to enable TLSV1.1 or above on Apache
Posted by Rainer Jung <ra...@kippdata.de>.
Am 27.03.2015 um 14:40 schrieb Cathy Fauntleroy:
> I am on a Windows 2008 R2 server with Apache 2.2.25/OpenSSL 0.9.8 installed. I am attempting to upgrade OpenSSL to 1.0.1 so that TLS 1.1 and 1.2 will be enabled. I am having problems installing 1.0.1 because of what appears to be a platform conflict. My installation halts because a file in what is definitely a Unix/Linux path is not found. I am on a Windows platform and downloaded a file for windows. Any help would be greatly appreciated. Am I missing something or have I stumbled upon a mis-categorized download? I've tried several sites.
On the Windows platform many use the binary Apache httpd downloads from
ApacheLounge:
http://www.apachelounge.com/download/
Regards,
Rainer
> -----Original Message-----
> From: Rainer Jung [mailto:rainer.jung@kippdata.de]
> Sent: Friday, March 27, 2015 5:53 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] How to enable TLSV1.1 or above on Apache
>
> Am 27.03.2015 um 06:22 schrieb Sailaja Gadireddy:
>> Hello Team,
>>
>> I have upgraded my apache to Apache V2.4.3. and OpenSSL version is
>> 0.9.8g
>>
>> When I have modified httpd conf with SSLProtocol TLSV1.1, It says
>> Illegal protocol.
>>
>> Do I need to install latest openssl version? If so please suggest the
>> version.
>>
>> Please suggest me the way to enable TLSV1.1 on Apache.
>
> You need OpenSSL 1.0.1 as a minimum for TLS 1.1 (and 1.2) support.
>
> Regards,
>
> Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] How to enable TLSV1.1 or above on Apache
Posted by Cathy Fauntleroy <ca...@vdtg.com>.
I am on a Windows 2008 R2 server with Apache 2.2.25/OpenSSL 0.9.8 installed. I am attempting to upgrade OpenSSL to 1.0.1 so that TLS 1.1 and 1.2 will be enabled. I am having problems installing 1.0.1 because of what appears to be a platform conflict. My installation halts because a file in what is definitely a Unix/Linux path is not found. I am on a Windows platform and downloaded a file for windows. Any help would be greatly appreciated. Am I missing something or have I stumbled upon a mis-categorized download? I've tried several sites.
Thanks…
Cathy
-----Original Message-----
From: Rainer Jung [mailto:rainer.jung@kippdata.de]
Sent: Friday, March 27, 2015 5:53 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] How to enable TLSV1.1 or above on Apache
Am 27.03.2015 um 06:22 schrieb Sailaja Gadireddy:
> Hello Team,
>
> I have upgraded my apache to Apache V2.4.3. and OpenSSL version is
> 0.9.8g
>
> When I have modified httpd conf with SSLProtocol TLSV1.1, It says
> Illegal protocol.
>
> Do I need to install latest openssl version? If so please suggest the
> version.
>
> Please suggest me the way to enable TLSV1.1 on Apache.
You need OpenSSL 1.0.1 as a minimum for TLS 1.1 (and 1.2) support.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] How to enable TLSV1.1 or above on Apache
Posted by Rainer Jung <ra...@kippdata.de>.
Am 27.03.2015 um 06:22 schrieb Sailaja Gadireddy:
> Hello Team,
>
> I have upgraded my apache to Apache V2.4.3. and OpenSSL version is 0.9.8g
>
> When I have modified httpd conf with SSLProtocol TLSV1.1, It says
> Illegal protocol.
>
> Do I need to install latest openssl version? If so please suggest the
> version.
>
> Please suggest me the way to enable TLSV1.1 on Apache.
You need OpenSSL 1.0.1 as a minimum for TLS 1.1 (and 1.2) support.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] How to enable TLSV1.1 or above on Apache
Posted by Sailaja Gadireddy <sa...@gmail.com>.
Hello Team,
I have upgraded my apache to Apache V2.4.3. and OpenSSL version is 0.9.8g
When I have modified httpd conf with SSLProtocol TLSV1.1, It says Illegal
protocol.
Do I need to install latest openssl version? If so please suggest the
version.
Please suggest me the way to enable TLSV1.1 on Apache.
Thanks & Regards,
Sailaja.
On Fri, Mar 20, 2015 at 2:12 AM, Eric Covener <co...@gmail.com> wrote:
> On Thu, Mar 19, 2015 at 2:35 PM, Cathy Fauntleroy
> <ca...@vdtg.com> wrote:
> > OpenSSL 0.9.8 supports TLS1.1 but, apparently, not TLS 1.2. At least
> not easily because I am running 0.9.8 and have TLS1.1 protocol enabled. I
> am trying to enable TLS 1.2 with NO luck. I have Apache 2.2.25 installed.
> Any ideas?
>
> Build and run against a modern release of openssl, or use a
> distribution that provides a modern build of them that works together.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] How to enable TLSV1.1 or above on Apache
Posted by Eric Covener <co...@gmail.com>.
On Thu, Mar 19, 2015 at 2:35 PM, Cathy Fauntleroy
<ca...@vdtg.com> wrote:
> OpenSSL 0.9.8 supports TLS1.1 but, apparently, not TLS 1.2. At least not easily because I am running 0.9.8 and have TLS1.1 protocol enabled. I am trying to enable TLS 1.2 with NO luck. I have Apache 2.2.25 installed. Any ideas?
Build and run against a modern release of openssl, or use a
distribution that provides a modern build of them that works together.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] How to enable TLSV1.1 or above on Apache
Posted by Cathy Fauntleroy <ca...@vdtg.com>.
I misspoke. OpenSSL 0.9.8 does NOT support TLSv1.1. My apologies...
Thanks…
Cathy Fauntleroy, Security+
Van Dyke Technology Group
Email: cathy.fauntleroy@vdtg.com
Office: (443) 832-4768
-----Original Message-----
From: Cathy Fauntleroy [mailto:cathy.fauntleroy@vdtg.com]
Sent: Thursday, March 19, 2015 2:35 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] How to enable TLSV1.1 or above on Apache
OpenSSL 0.9.8 supports TLS1.1 but, apparently, not TLS 1.2. At least not easily because I am running 0.9.8 and have TLS1.1 protocol enabled. I am trying to enable TLS 1.2 with NO luck. I have Apache 2.2.25 installed. Any ideas?
Thanks…
Cathy Fauntleroy, Security+
Van Dyke Technology Group
Email: cathy.fauntleroy@vdtg.com
Office: (443) 832-4768
-----Original Message-----
From: Robert Webb [mailto:rwebb@ropeguru.com]
Sent: Thursday, March 19, 2015 8:25 AM
To: users@httpd.apache.org; Sailaja Gadireddy
Subject: Re: [users@httpd] How to enable TLSV1.1 or above on Apache
What version of OpenSSL are you running. I don't believe OpenSSL 0.9.8 supports TLS 1.1 or 1.2.
Robert
On Thu, 19 Mar 2015 12:02:01 +0530
Sailaja Gadireddy <sa...@gmail.com> wrote:
> Hello Team,
>
> Currently my Apache server supports SSLV2, V3, TLSV1.
>
> The client requirement is to enalbe TLSV1.1 or above on the webserver.
>
> Current Version of Apache: Apache V2.2.16
>
> When I tried to Add SSLProtocol All TLSv1.1 TLSv1.2. Server has thrown
>the error saying Illegal Protocol.
>
> Please do let me know the steps for enabling TLSV1.1 or above.
>
> Thanks & Regards,
> Sailaja.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] How to enable TLSV1.1 or above on Apache
Posted by Cathy Fauntleroy <ca...@vdtg.com>.
OpenSSL 0.9.8 supports TLS1.1 but, apparently, not TLS 1.2. At least not easily because I am running 0.9.8 and have TLS1.1 protocol enabled. I am trying to enable TLS 1.2 with NO luck. I have Apache 2.2.25 installed. Any ideas?
Thanks…
Cathy Fauntleroy, Security+
Van Dyke Technology Group
Email: cathy.fauntleroy@vdtg.com
Office: (443) 832-4768
-----Original Message-----
From: Robert Webb [mailto:rwebb@ropeguru.com]
Sent: Thursday, March 19, 2015 8:25 AM
To: users@httpd.apache.org; Sailaja Gadireddy
Subject: Re: [users@httpd] How to enable TLSV1.1 or above on Apache
What version of OpenSSL are you running. I don't believe OpenSSL 0.9.8 supports TLS 1.1 or 1.2.
Robert
On Thu, 19 Mar 2015 12:02:01 +0530
Sailaja Gadireddy <sa...@gmail.com> wrote:
> Hello Team,
>
> Currently my Apache server supports SSLV2, V3, TLSV1.
>
> The client requirement is to enalbe TLSV1.1 or above on the webserver.
>
> Current Version of Apache: Apache V2.2.16
>
> When I tried to Add SSLProtocol All TLSv1.1 TLSv1.2. Server has thrown
>the error saying Illegal Protocol.
>
> Please do let me know the steps for enabling TLSV1.1 or above.
>
> Thanks & Regards,
> Sailaja.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] How to enable TLSV1.1 or above on Apache
Posted by Robert Webb <rw...@ropeguru.com>.
What version of OpenSSL are you running. I don't believe OpenSSL 0.9.8
supports TLS 1.1 or 1.2.
Robert
On Thu, 19 Mar 2015 12:02:01 +0530
Sailaja Gadireddy <sa...@gmail.com> wrote:
> Hello Team,
>
> Currently my Apache server supports SSLV2, V3, TLSV1.
>
> The client requirement is to enalbe TLSV1.1 or above on the
>webserver.
>
> Current Version of Apache: Apache V2.2.16
>
> When I tried to Add SSLProtocol All TLSv1.1 TLSv1.2. Server has
>thrown the
> error saying Illegal Protocol.
>
> Please do let me know the steps for enabling TLSV1.1 or above.
>
> Thanks & Regards,
> Sailaja.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] How to enable TLSV1.1 or above on Apache
Posted by Sailaja Gadireddy <sa...@gmail.com>.
Thank you for the update..!
My client requirement is to have only TLS1.1. Even TLS1.0 have to be
disabled.
I would like to know is there a way to use just TLS 1.1 for the older
versions. Or if I upgrade Apache to latest version then will it be possible?
Please do let me know for further details.
Thanks & Regards,
Sailaja.
On Thu, Mar 19, 2015 at 12:38 PM, Otis Dewitt - NOAA Affiliate <
otis.dewitt@noaa.gov> wrote:
> Greetings,
>
> For httpd version 2.2.22 and older, only specify TLSv1. This is treated as
> a wildcard for all TLS versions.
>
> SSLProtocol TLSv1
>
>
> Thanks,
> Otis
>
Re: [users@httpd] How to enable TLSV1.1 or above on Apache
Posted by Otis Dewitt - NOAA Affiliate <ot...@noaa.gov>.
Greetings,
For httpd version 2.2.22 and older, only specify TLSv1. This is treated as
a wildcard for all TLS versions.
SSLProtocol TLSv1
Thanks,
Otis