Per https://access.redhat.com/solutions/445713, the Apache httpd rpm package included in RHEL 7 is based on Apache 2.4.6.
OpenSSL version 1.0.1 is the latest version available from RedHat. As you said, "... the current patch level of 1.0.2, which is 1.0.2g has no known security issues" and" ...symbol SSL_CTX_set_alpn_select_cb only exists in 1.0.2 and newer ". You are referring to the version of OpenSSL which available as open source, not from Red Hat, correct? If I am still confused, please explain it to me. If not, I would like to refer to the questions at the end of my original post (below). Thanks, Mike -----Original Message----- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Friday, April 15, 2016 1:57 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: SSL_CTX_set_alpn_select_cb undefined Am 15.04.2016 um 19:37 schrieb Michael Fox: > I am running Red Hat Linux version 7.2, Apache version 2.4.6, Java JDK > 1.8.0_65, Tomcat version 9.0.0.M1, Tomcat connector version 1.2.5, and have > uncommented the HTTP/2 Connector lines in the Tomcat server.xml file. When I > run the configure command for the Tomcat connector, I get the message: > > checking OpenSSL library version >= 1.0.2... > > > > Found OPENSSL_VERSION_NUMBER 0x1000105f (OpenSSL 1.0.1e 11 Feb 2013) > > Require OPENSSL_VERSION_NUMBER 0x1000200f or greater (1.0.2) > > > > Per Red Hat (https://access.redhat.com/articles/1384453), they consider > OpenSSL version 1.0.2 to have security issues, and so are not issuing that > version. You misunderstood that text. Version 1.0.2 had security issues, which where fixed by 1.0.2a. So the current patch level of 1.0.2, which is 1.0.2g has no known security issues. tcnative starting with version 1.2.0 no longer supports OpenSSL older than 1.0.2. So no support for 0.9.8, 1.0.0 and 1.0.1. You need to build tcnative 1.2.x against OpenSSL 1.0.2 preferably against 1.0.2g. The symbol SSL_CTX_set_alpn_select_cb only exists in 1.0.2 and newer. Regards, Rainer > To be able to configure and make the tcnative library, I run the configure > command as such: > > ./configure --with-apr=/usr/bin/apr-1-config > --with-java-home=$JAVA_HOME --prefix=$CATALINA_HOME > --disable-openssl-version-check --with-ssl=yes > > > > I am able to make and install the library, but when I run the Tomcat > configtest I get: > > INFO: Initializing ProtocolHandler ["https-apr-8443"] > > /usr/java/jdk1.8.0_65/bin/java: symbol lookup error: > /home/tomcat/apache-tomcat-9.0.0.M1-src/output/build/lib/libtcnative-1 > .so.0.2.5: undefined symbol: SSL_CTX_set_alpn_select_cb > > Configuration error detected! > > > > Is there a way to get around or define this symbol? > > Should I investigate the use of older versions of Tomcat, Java, and Tomcat > connector? > > Should I not use APR with Tomcat (and then use HTTP/1.1)? > > Should I abandon the RedHat Apache/OpenSSL software and use the latest > Apache/OpenSSL from apache.org? > > > > Thanks, > > Mike --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
