I worked on this a little bit. I backported the 10 patches that are currently present in the PR mentioned above (https://github.com/apache/httpd/pull/258), and verified that they seem to address the problem, at least in the sense that they make mod_ssl loadable again when using OpenSSL 3.
I ran apache2's autopkgtests and most of them succeeded; the only failure I'm seeing is actually not related to apache2, and is instead a problem with an uninstallable package currently in jammy-proposed. The situation here is very similar to what's happening with net-snmp and squid: there are upstream patches that can "fix" the compatibility issue with OpenSSL, but upstream is still not entirely comfortable with them. In apache2's case, this situation a bit more complicated because there is apparently a behaviour change/regression that has been found with OpenSSL 3: https://github.com/openssl/openssl/issues/15946 I will keep an eye on the progress of apache2's PR and see what happens. It'd probably be a good idea to have someone from the Security team take a look at this possible regression and assess it. ** Bug watch added: github.com/openssl/openssl/issues #15946 https://github.com/openssl/openssl/issues/15946 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951476 Title: apache2: mod_ssl fails to load with OpenSSL 3.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1951476/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
