Thanks Luke. Good Info.

-----Original Message-----
From: Luke Swihart [mailto:luke.swih...@nashfinch.com] 
Sent: Wednesday, March 16, 2011 1:52 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] list serv for mod_ssl and other Apache modules

Just so everyone remembers in the OpenSSL world that OpenSSL versions in
the 0.9.x tree from letter to letter are *NOT* binary compatible. There
are lots of writeups on this. If you're going to update OpenSSL this
means you are most likely going to need to recompile. They are supposedly
trying to do something in the 1.0.0 tree to make this better. This is the
whole reasoning behind the project: OpenTLS (www.opentls.org). On this
page it explains more about the versioning issues in OpenSSL.





"Edwards, Denise" <denise.edwa...@bowne.com>
03/14/2011 02:05 PM
Please respond to: users@httpd.apache.org
To: <users@httpd.apache.org>
cc:
Subject: RE: [users@httpd] list serv for mod_ssl and other Apache modules






Thanks Nick.

I don't want to recompile anything. The extent of my Apache HTTPD
knowledge centers on installing, configuring and running it. I usually
get this package, including the ssl, from the site.

If I'm not mistaken, the 'openssl' version referenced in the install
filename is the version that the mod_ssl module was compiled against.
I'm not sure it makes much of a difference but... to plug that
'potential' security hole we need the module compiled against the later
version.

I downloaded the openssl version required, and it's a lib. Not sure
where to go from there (as I don't want to compile the web server) and I
only see docs on ssl certs, which I already know how to do. Will check
again though.

Not sure if this can actually be done separately -->upgrade mod_ssl
separately.


-----Original Message-----
From: Nick Kew [mailto:n...@webthing.com] 
Sent: Monday, March 14, 2011 11:35 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] list serv for mod_ssl and other Apache modules

On Mon, 14 Mar 2011 10:22:04 -0400
"Edwards, Denise" <denise.edwa...@bowne.com> wrote:

> Thanks Eric.
> 
> I've installed the latest Apache with SSL (v2.2.17 and openSSL 0.9.8o).
> We have a security issue that is fixed with openSSL 0.9.8p. How do you
> update this latest Apache release to accommodate this (without having to
> re-build Apache altogether)?

How do you know you need to recompile?  Do the OpenSSL release notes
tell you it breaks binary compatibility?  Or did you link it statically
(in which case, whoever built it knows about custom builds)?

If you really need to recompile, see the docs for apxs.

-- 
Nick Kew

Available for work, contract or permanent.
http://www.webthing.com/~nick/cv.html

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

CONFIDENTIALITY NOTICE: The information in this Internet email is
confidential and may be legally privileged. It is intended solely for
the addressee. Access to this email by anyone else is unauthorized.






************************************************************************
**************
This email may contain information proprietary to Nash Finch Company and
is intended
only for the use of the recipient(s).If you have received this email in
error, any
review, dissemination, distribution or copying of this message is
strictly prohibited.
If you are not the intended recipient(s),please notify the sender
immediately.
************************************************************************
*************
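
Added example (not part of the original thread, and not code from the Apache or OpenSSL projects): a check for whether the OpenSSL version a running httpd reports in its error-log startup banner is older than the release that carries a fix, using the 0.9.8o / 0.9.8p pair discussed above. The log lines are constructed sample input and the function names are hypothetical.

```python
import re

# OpenSSL 0.9.x/1.0.x release names: three numbers plus an optional patch
# letter (or letters), e.g. "0.9.8o". The letters order releases in a series.
_NUM = r"(\d+)\.(\d+)\.(\d+)([a-z]*)"
_VERSION = re.compile(r"^" + _NUM + r"$")
_BANNER = re.compile(r"\bOpenSSL/" + _NUM)   # token in the httpd server banner


def _as_tuple(match):
    major, minor, fix, letters = match.groups()
    # "" < "o" < "p" < "z" < "za" under string comparison, which matches the
    # release order within a series, so the tuple compares correctly as-is.
    return (int(major), int(minor), int(fix), letters)


def parse_openssl_version(text):
    """Turn '0.9.8o' into a comparable tuple: (0, 9, 8, 'o')."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError("unrecognised OpenSSL version: %r" % text)
    return _as_tuple(m)


def needs_update(log_lines, fixed_in):
    """True if the most recent banner reports a version older than fixed_in,
    False if it is at or past the fix, None if no banner was found."""
    fixed = parse_openssl_version(fixed_in)
    latest = None
    for line in log_lines:
        m = _BANNER.search(line)
        if m:
            latest = _as_tuple(m)        # keep the last start-up seen
    if latest is None:
        return None
    return latest < fixed


# Constructed sample input, shaped like an httpd 2.2 error log.
SAMPLE_LOG = [
    "[Mon Mar 14 10:05:11 2011] [notice] Apache/2.2.17 (Unix) "
    "mod_ssl/2.2.17 OpenSSL/0.9.8o configured -- resuming normal operations",
    "[Mon Mar 14 10:05:12 2011] [notice] Digest: done",
]

if __name__ == "__main__":
    print("update needed:", needs_update(SAMPLE_LOG, "0.9.8p"))
```

Run it against the error log after each restart; the result says only what version the server reports, not whether a newer library can be dropped in without a rebuild.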

