Apache httpd 2.4.37 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1 with http2 and ALPN for Red Hat Enterprise Linux and CentOS

Apache httpd 2.4.37 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS added to repository. Mod_ssl is built statically against OpenSSL 1.1.1.

Links:

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default.

Please note that TLS 1.3 final version is only supported in Chrome 70 and Mozilla Firefox 63 for now.

brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Http2 Apache httpd module no longer supports prefork mpm from version 2.4.27. If you need http2 module, please disable prefork mpm and enable evemt mpm in /etc/httpd/conf.modules.d/00-mpm.conf. We already made this in 00-mpm.conf in our packages. If you are updating other vendor installation, please update this file.

For correct work with SELinux please update the following boolean:

setsebool -P httpd_execmem=1

Feel free to use our CentOS/RHEL repository. Please also note that this package depends on apr-util 1.5.0+ and libnghttp, which you can found in EPEL repository. So, the easiest way to use our builds of Apache HTTPd is to add EPEL repository, if you still do not have it: yum install -y epel-release

NGINX 1.14.0-2 stable and 1.15.5-2 mainline built against OpenSSL 1.1.1 with TLS 1.3 Final (RFC 8446) and brotli for Red Hat Enterprise Linux and CentOS

NGINX 1.15.5-2 mainline-version and NGINX 1.14.0-2 stable, built statically against OpenSSL 1.1.1 with ngx cache purge and TLS 1.3 final support added to repository. TLS 1.3 works with Google Chrome versions 70. To enable TLS 1.3, you must specify:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

Links:

Alternatively, feel free to use our CentOS/RHEL repository.

NGINX 1.15.5 mainline built against OpenSSL 1.1.1 with TLS 1.3 and brotli for Red Hat Enterprise Linux and CentOS

NGINX 1.15.5-1 mainline-version, built statically against OpenSSL 1.1.1 with ngx cache purge and TLS 1.3 final support added to repository. TLS 1.3 works with Google Chrome versions 70 (stable version release scheduled to October 16, 2018). Alternatively, TLS 1.3 support can be tested using Chrome Beta.

We would also recommend you to check whether chrome://flags/#tls13-varian flag is set to “Enabled (Final)”.

Links:

Alternatively, feel free to use our CentOS/RHEL repository.