Text only | Text with Images

The Apache Haus Forum

Forum Topics => Apache 2.2 => Topic started by: Marc Van Dercruyssen on March 03, 2016, 01:38:40 PM

Title: Open SSL 1.0.1s & apache 2.2.31
Post by: Marc Van Dercruyssen on March 03, 2016, 01:38:40 PM
Hello,

I'm looking for an Open SSL 1.0.1s & apache 2.2.31 bundle to be protected against drown attacks (https://drownattack.com)
Open SSL 1.0.1s is already available, any idea when we can expect here the bundle Open SSL 1.0.1s & apache 2.2.31 ?
brgrds, Marc
Title: Re: Open SSL 1.0.1s & apache 2.2.31
Post by: Gregg on March 03, 2016, 05:59:50 PM
Um, I'm not building 2.2 (which is VC9) with 1.0.1 anymore or hadn't planned on it. There seems no reason to.
The only VC9 PHP that will load as an Apache module is 5.4 and it requires Apache running OpenSSL 0.9.8, both of which are EOL.

I do plan to put up 2.2 with OpenSSL 1.0.2g however.

Explain the need for 2.2 with 1.0.1s and I may reconsider.


Title: Re: Open SSL 1.0.1s & apache 2.2.31
Post by: Marc Van Dercruyssen on March 18, 2016, 02:18:26 PM
Hello Greg,
We try to protect some websites against drown atacks,
Min requirement was 1.0.1s or 1.0.2g
So 1.0.2g is ok for us
Text only | Text with Images