Apache httpd 2.4.43-2 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS added to repository. Mod_ssl is built statically against OpenSSL 1.1.1f.
Links:
Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default.
Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+.
brotli support is already included in base RPM file. All you need is to add filters like
AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript
Http2 Apache httpd module no longer supports prefork mpm from version 2.4.27. If you need http2 module, please disable prefork mpm and enable evemt mpm in /etc/httpd/conf.modules.d/00-mpm.conf. We already made this in 00-mpm.conf in our packages. If you are updating other vendor installation, please update this file.
We already included a minimum required SELinux policy into the package.
Feel free to use our CentOS/RHEL repository. Please also note that this package depends on apr-util 1.5.0+ and libnghttp, which you can found in EPEL repository. So, the easiest way to use our builds of Apache HTTPd is to add EPEL repository, if you still do not have it: yum install -y epel-release
Including mod_md in next Apache httpd rpm will be awesome.
With latest version al lot of bugs have been fixed in the module.
mod_md requires fresh curl that is not available on EL7.
You can ask mod_md authors to support older versions.
Hi, can you please tell me the upgradtion procedure of apache 2.4.37 to 2.4.43, as my current version is 2.4.37 but TLSv1.2 and TLSv1.3 saying unknown protocol though my openssl version is OpenSSL 1.1.1g , can yo please help how to resolve.
Hi. Please refer to your OS support team/forum for support.
mod_md is available from testing repository: https://repo.codeit.guru/packages/testing/x86_64/mod_md-2.4.43-3.codeit.el7.x86_64.rpm
I will test it asap, thanks
mod_md needs mod_ssl as a dependency, otherwise it will not work.
other than that it’s working fine.
thanks
Thank you for the confirmation.
I made a pull request to upstream: waiting for their comments.
https://github.com/apache/httpd/pull/108
Hiya, thanks a lot for this build.
I’m trying to install on centos 7 but apache wont start, it says
undefined symbol: apr_thread_mutex_timedlock
any ideas to fix this? thanks
I think you may also need to install apr and apr-util from our repo.
Hiya thanks for your reply, I have tried this but still stuck. tried removing apr* and then reinstalling everything from codeit
[root@ip-172-31-30-228 yum.repos.d]# yum list installed | grep apr
apr.x86_64 1.7.0-2.el7 @CodeIT
apr-util.x86_64 1.6.1-6.el7 @CodeIT
but restarting apache still gives me
/usr/sbin/httpd: symbol lookup error: /usr/sbin/httpd: undefined symbol: apr_thread_mutex_timedlock
so not sure why this is
Hi Alex,
Not sure if mod_http2(1.15.8) is worth having a new build?
🙂
Hello Jeffrey,
This includes code cleanup, stream id fixes and Windows crash fix.
I don’t think we are affected by any of these problems, so I would say we are safe to skip it.
Hi Alex,
Not sure if you run mod_reqtimeout & mod_http2 at the same time?
But anyway, it’s ok if it’s too much effort on this. 🙂
Hi Alex,
Seems like my case has been fixed in version 1.15.9.
Hi Jeffrey,
Released.
Openssl has issued 1.1.1g for CVE-2020-1967 (TLS1.3 related). As httpd is built statically with openssl, I’m afraid rebuilding is required.
Regards.
Exactly.
We’re testing a new build now with openssl 1.1.1g dynamic library in /opt/codeit directory and mod_md module.
Released.