Forum Topics > Apache 64 bit

Upgrading to OpenSSL 1.0.0d for 2.2.17

(1/2) > >>

blue:
Hi,

I can't seem to find the download on your site for the OpenSSL 1.0.0d upgrade for 2.2.17-ssl-sni-x64.  I'd rather not have to completely upgrade my entire Apache install but only the OpenSSL portion, if possible.

Many thanks,
blue

Gregg:
Yes, I removed it when 2.2.18 arrived. Normally I'd say why not just upgrade it all, but alas, due to problems in the APR & APR-Utill that came with them, there is going to be a 2.2.19 in a week most likely.

Upgrading is easy however, you really only need to copy the bin and modules folder from the package over the ones you have existing. If you can hold out a week, it would be best to upgrade the whole thing. 2.2.19 will come with OSSL 1.0.0d, or 1.0.0e if that comes around the next couple days. There is a CVE concerning the APR/APR-Util that came with 2.2.17, these are security issues, which is why it is best to upgrade instead of hanging with old versions.  It is for this reason I do not want to hand it to you. Make me believe there is a good reason I should which will allow you to not upgrade Apache and I will give it to you.

Curious, why did you not upgrade the OpenSSL package while the upgrade for 2.2.17 was available?

blue:
Thanks for the follow-up.

If I only need to copy the bin and module folders, then I can probably just use 2.2.18.  I was browsing the forums and it seemed that it was a more complex upgrade path.  My concern was that since Apache is just one but very important component in my technology stack and I'm a little fuzzy on how it integrates with my J2EE server (JRun/ColdFusion) and Windows 2008 x64, I  wanted to simply upgrade the OpenSSL portion.

I didn't upgrade earlier since I wasn't aware of the update.  There was a vulnerability scan run on my systems and I was informed my current OpenSSL module needed to be upgraded to 1.0.0d.



Gregg:
There is a binary incompatibility in 2.2.18, which is why they are putting out at 2.2.19 as soon as the APR & APU passes testing and is released. There is always one thing to do before upgrading, back up your existing first. If need be you can always return to previous version. It is looking like Monday or Tuesday for 2.2.19 if all goes well. If you cannot wait that long, I'll let you at the 1.0.0d upgrade for 2.2.17.

blue:
I can probably put off the upgrade till COB Monday.  If I upgrade to 2.2.19, do I still only replace the bin and module folders in my 2.2.17?

Thanks, again.
blue

Navigation

[0] Message Index

[#] Next page

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13 
Go to full version