The Apache Haus Forum

Forum Topics => News & General Discussion => Topic started by: Gregg on March 14, 2017, 08:51:06 PM

Title: Apache 2.4 with OpenSSL 1.1.0
Post by: Gregg on March 14, 2017, 08:51:06 PM
Work continues by the Apache developers on getting Apache 2.4 working with OpenSSL 1.1.0.

What seems to work so far:
httpd, yes mod_ssl will now build and seems to work fine with OpenSSL 1.1.0.

What does seems not to work yet:
abs, it builds but at this point it doesn't seem to work, not for me anyway.
apr_crypto_openssl.dll doesn't build (it's a different project of the ASF than the server) so there is no chance for mod_session_crypto at this time.

I have VC14 x86 & x64 preview builds for testing.

If anyone would like to take one for a spin reply to this post and I'll send you a link.

Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: DnvrSysEngr on March 15, 2017, 04:20:05 PM
I am game for it.  Send me the link.  I will test it out and see what works, is broken, etc.

 -S
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Jan-E on March 20, 2017, 03:35:15 AM
Try https://phpdev.toolsforresearch.com/apr-1.6.x.zip for apr_crypto_openssl-1.dll

See http://mail-archives.apache.org/mod_mbox/apr-dev/201703.mbox/browser
Topic 1.6 release timetable
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Gregg on March 20, 2017, 03:41:28 AM
I've got it building now. It was a "duh" moment and I used apr 1.5 when building these.
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: DnvrSysEngr on March 21, 2017, 05:55:19 AM
New Dev build coming again soon?
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Gregg on March 23, 2017, 06:33:42 PM
Try for Monday morning.
This time I might include some extras.
mod_brotli which will be added to 2.4 once brotli comes out with a new release (git-brotli-master works now).
mod_socache_redis (the ASF's version) which will be added to 2.4 once APR 1.6 is released.
As you can see by this thread, you're the only brave guinea pig :)
Liking Cha Cha?
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: DnvrSysEngr on March 23, 2017, 08:06:22 PM
Nothing wrong with living on the edge.  I can say that I have not encountered any issues with the 2.4.26-Dev build you provided.

I be back from vacation on Monday and will be looking forward to trying out a new build.  Cha cha cha.
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Jan-E on March 24, 2017, 06:11:32 AM
As you can see by this thread, you're the only brave guinea pig :)

The only one that was interested in your builds. There might have been others that built Apache 2.4 from http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/

Liking Cha Cha?

What is the current status of ChaCha in terms of browser support? Is Firefox already supporting it?
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Gregg on March 24, 2017, 06:52:06 AM
The latest FF certainly does. Not the ESR (45).
Pale Moon and Vivaldi do.
IIRC the Chrome on one of the Linux Live DVDs I tried yesterday did.
The Midori on Bodhi Linux at lease did AES256-GCM384

Qualys says these do:
FF 47+
Chrome 49+
Android 7

IE/Edge, Safari: AES256-GCM384

The big looser is FF ESR:  ECDHE-RSA-AES128-GCM-SHA256

Edit: Afterthought
The LibreSSL builds have chacha.
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: DnvrSysEngr on March 24, 2017, 09:40:59 PM
Ran ChaCha with 2.4.25 build with LibreSSL and all nightly/dev builds of browsers agreed with it
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Gregg on March 27, 2017, 02:52:17 AM
New proper build (r1) with APR/APR-Util 1.6.0-dev is there.
Includes mod_brotli and mod_socache_redis this time.
I only built x64.
Same Bat time, same Bat channel.
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Jan-E on March 27, 2017, 04:04:39 AM
Send me the link, please
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Frankiesay on March 27, 2017, 04:07:14 AM
can u send me a link too and thanks alot!
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: DnvrSysEngr on March 27, 2017, 06:56:59 AM
One minor error on the Index.html page.  Link should be for <a href="/modules.lua">Loaded Modules</a>,  it is typed as modues.lua - missing the l in modules.  Darn typo error.
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Gregg on March 27, 2017, 05:43:47 PM
I thought I fixed that before I zipped it up. Oh well, not life threatening.

@Frankiesay, I have sent you a PM on this forum with the link.
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Jan-E on March 28, 2017, 09:11:26 PM
Send me the link, please
ping
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Frankiesay on March 31, 2017, 04:02:03 AM
I put in my server base on ws2012 and it looks good
so what kind of test u need to help?
Title: Re: Apache 2.4 with OpenSSL 1.1.0
Post by: Gregg on March 31, 2017, 04:14:15 AM
Nothing in particular. It's for people like yourself to test out any way you want. It's using unreleased code which is why it gets a "just for testing" label on it.