Apache httpd 2.4.37 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1 with http2 and ALPN for Red Hat Enterprise Linux and CentOS

Apache httpd 2.4.37 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS added to repository. Mod_ssl is built statically against OpenSSL 1.1.1.

Links:

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default.

Please note that TLS 1.3 final version is only supported in Chrome 70 and Mozilla Firefox 63 for now.

brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Http2 Apache httpd module no longer supports prefork mpm from version 2.4.27. If you need http2 module, please disable prefork mpm and enable evemt mpm in /etc/httpd/conf.modules.d/00-mpm.conf. We already made this in 00-mpm.conf in our packages. If you are updating other vendor installation, please update this file.

For correct work with SELinux please update the following boolean:

setsebool -P httpd_execmem=1

Feel free to use our CentOS/RHEL repository. Please also note that this package depends on apr-util 1.5.0+ and libnghttp, which you can found in EPEL repository. So, the easiest way to use our builds of Apache HTTPd is to add EPEL repository, if you still do not have it: yum install -y epel-release

12 thoughts on “Apache httpd 2.4.37 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1 with http2 and ALPN for Red Hat Enterprise Linux and CentOS”

  1. Helo..
    I dont khow this is the correct place or not, but this is about php too, exactly php_curl running in latest apache an php. And I get the rpm from codeIT.
    environment: – Centos 7 – apache2.4.35 – PHP7.2.11 – curl7.61.1

    this is my link problem: https://stackoverflow.com/questions/52921617/linux-apache2-4-35-php7-2-curl-does-not-execute-in-text-result-but-in-html-does

    if the response of the request is html, curl_exec show on html output, but if it is plaintext it does not print anything.

    I was try run from php cli work well and from XAMPP for linux with any browser run well too (in the same environment). I found difference in phpinfo (additional dotini files) there is “php-zts” but in cli just “php”.

    may be you can help or recomendation to whom.
    I online in freenode ##php with nickname: alfin

    Thanks a lot
    -alfin-

  2. Since I updated from 2.4.34 to 2.4.35 & 37, my mod_write rules no longer work. I used one to redirect non-HTTPS requests to HTTPS, and it’s simply broken:
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

    Not sure why. Bug?

  3. Weird issue with PHP session_save_path with 2.4.37 and PHP 7.1.25.

    Intermittently the session_save_path is empty, even though it’s defined in conf.d/php.conf

    Has anyone else encountered the issue?

    I also see the occasional:

    [Fri Jan 11 09:39:42.273505 2019] [core:notice] [pid 326:tid 139768943454400] AH00052: child pid 25208 exit signal Segmentation fault (11)

    I’m using PHP 7.1.25 from Webtatic, which used to work perfectly with Apache from CentOS 7.

    1. Hi,

      Looks like thread safety issue in PHP.
      Please check that you are using event MPM and ZTS php version. Some bugs were fixed in php 7.2.

      Please also note that php-fpm (running php as separate server) is recommended way to be used with new Apache versions.

    1. Funny thing, I came to report the very same thing. 🙂

      [Tue Jan 15 15:51:07.813991 2019] [ssl:error] [pid 26721:tid 140656076875520] [client 64.41.200.104:60808] AH02042: rejecting client initiated renegotiation
      [Tue Jan 15 15:51:18.182988 2019] [ssl:error] [pid 29296:tid 140656247539456] [client 64.41.200.104:38096] AH02042: rejecting client initiated renegotiation

      PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
      26721 apache 20 0 2516960 393320 17868 S 81.1 4.8 19:49.91 httpd
      29296 apache 20 0 2657356 612836 14460 S 3.6 7.5 28:58.09 httpd

Leave a Reply

Your email address will not be published. Required fields are marked *