1

How Do I Use Multiple Versions of OpenSSL ... One for Apache and one for PHP

view story
linux-howto

http://serverfault.com – I have an Apache 2.2 (self-compiled version) server that is getting dinged during a PCI scan because it does not support TLS 1.1 or 1.2 ciphers. After some digging I found that the installed version of OpenSSL (0.9.8e) does not contain the newest TLS ciphers. So I went and downloaded and compiled the latest version of OpenSSL (1.0.1c) and have it installed in an alternate location within /opt so it wouldn't interfere with the installed version. What I would like to do is to compile Apache against the 1.0.1 libraries and keep the system-installed libraries for use with PHP, cURL, openssh, et (HowTos)

u85500's picture
Submitted by u85500 on 09/26/2012

Stories similar to How Do I Use Multiple Versions of OpenSSL ... One for Apache and one for PHP

I installed an recompiled both Apache and PHP5, but it seems I am doing something wrong and unable to omit the old openssl. How can I configure and recompile to use only the new one?

From my phpinfo():

Apache/2.4.2 (Unix) OpenSSL/0.9.8o

OpenSSL support enabled OpenSSL Library Version OpenSSL 0.9.8o 01 Jun 2010 OpenSSL Header Version OpenSSL 1.0.1 14 Mar 2012

Openssl cipher strength 16 weeks 6 days ago

I have read the forums for strengthing the openssl ciphers on a server and the following command I can run:

openssl ciphers -v 'TLSv1+HIGH:!SSLv2:RC4!MEDIUM:!aNULL:!eNULL:!3DES:!EXPORT:@STRENGTH' I have some services that cannot be set to higher levels like you can set in an httpd.conf file.

We need to revert openssl back to 0.9.8 to be able to compile ruby 1.9.1.

I downloaded source to 0.9.8 and compiled and did make install. But openssl still gives the F12 version of 1.0.0-beta3. If I try to remove with Package, it wants to remove 500 packages - which I don't want to do. Any suggestions how to make the 0.9.8 version as the deployed version ?

For the trinity needed a never version of openssl. You must use other distro, or create an openssl rpm like openssl097a, with newest openssl, or try a search other from repo. For example, fedora 12... [by fonya]

Easyapache error - Urgent 30 weeks 3 days ago

We upgraded openssl manually to latest version on centos 5.8 64bit

wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz tar -zxf openssl-1.0.1c.tar.gz cd openssl-1.0.1c ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/src/openssl-1.0.1c --with-pam --with-libs=-ldl --without-zlib-version-check make make install

Now when we recompile apache/php it gives error -

--- type -lX

Hi,

I'm been having a hard time with passing a securitymetics scan. The problem seems to be related to ports 443 and port 465 supporting weak ciphers.

I have followed all the recommendations to disable ss2 and low and medium ciphers for exim and openSSL.

However, securitymetrics techs just emailed me the following:

Any idea please! --------------------------------------------------------------

Curl Certificate Issue 2 years 44 weeks ago

I am using the curl version 7.21.0. When I try the curl command from command like, things works fine for the http sites. But when I try https I get certificate error. I have source compiled curl with latest OpenSSL. I have also tried downloading the latest certificate bundle. With the same version of curl, same version of openssl with same certificate file I can get it work on the linux.

I am working on a Django based site and I want to integrate it with Apache and mod_wsgi.

I found out that I have installed Apache/2.2.22 (Unix).

I checked the official Apache site and there is available version 2.4, which I would like update to - I am new to Apache actually so I think it would be better to start off learning from the newest version.

The question is how can I upgrade my current

What are openSuSE's plans as to the release of an rpm with openssl-0.8.9m which has the solution to the renegotiation man-in-the-middle attack, not just turning key renegotiation down?