The Apache Haus Forum

Forum Topics => News & General Discussion => Topic started by: Gregg on March 04, 2016, 08:18:37 AM

Title: Users of OpenSSL 0.9.8 please read
Post by: Gregg on March 04, 2016, 08:18:37 AM
Tomorrow (March 4th) in the afternoon sometime my time I will be putting up new downloads of Apache 2.2.31 and 2.4.18 and OpenSSL 1.0.2g updates and 1.0.1s (VC11 only) downgrades. You will notice there are no longer any OpenSSL 0.9.8 downgrades.

OpenSSL 0.9.8 and 1.0.0 versions have gone End of Life and there is no longer any development on these versions. Because OpenSSL is a security layer, you want to keep that up to date ... don't you? You can't when your hanging onto OpenSSL 0.9.8.

So What can you do? The most common reason you need to keep this out of date version is to run PHP 5.3/5.4 as an Apache module (php?apache2_?.dll). You have a few options to choose from to deal with this.

While you do not have to do anything different just yet because you do not have to worry about these updates tomorrow. You should start preparing for the inevitable in the coming weeks when I expect to see Apache 2.4.19 come around. There will be no more OpenSSL 0.9.8 downgrades available made available for any version of Apache.