Apache httpd 2.4.29 built against OpenSSL 1.1.0g with http2 and ALPN for Red Hat Enterprise Linux and CentOS

Apache httpd 2.4.29 with http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS added to repository. Mod_ssl is built statically against OpenSSL 1.1.0g. Links:

Yes, since this release we start building Apache httpd against OpenSSL 1.1.0.

Http2 Apache httpd module no longer supports prefork mpm from version 2.4.27, we experienced crashes with it in 2.4.26 and decided to keep builds private. If you need http2 module, please disable prefork mpm and enable worker mpm in /etc/httpd/conf.modules.d/00-mpm.conf.

We already made this in 00-mpm.conf in our packages. If you are updating other vendor installation, please update this file.

For correct work with SELinux please update the following boolean:

setsebool -P httpd_execmem=1

Feel free to use our CentOS/RHEL repository. Please also note that this package depends on apr-util 1.5.0+ and libnghttp, which you can found in EPEL repository. So, the easiest way to use our builds of Apache HTTPd is to add EPEL repository, if you still do not have it: yum install -y epel-release

20 thoughts on “Apache httpd 2.4.29 built against OpenSSL 1.1.0g with http2 and ALPN for Red Hat Enterprise Linux and CentOS”

    1. Hi Binyamin!

      Idea to build Apache httpd with statically linked OpenSSL 1.0.2 / 1.1.0 was successful because we don’t need to replace system OpenSSL. Of course we easily build OpenSSL 1.0.2 or 1.1.0 on EL 7 platform but if you really plan to replace officially supplied version, many many things will be broken.

      And yes, if you need it, it will be ok to keep it in /usr/local (this will be so if you will simply build it without any configuration) so it won’t affect your system.

      I don’t think we will support standalone OpenSSL version as soon as we link it statically.

  1. Hi and thanks for awesome work. Have you planned to build 2.4.29 agains OpenSSL 1.0.2k, which is the default in CentOS 7.4?

      1. I thought that Apache should be always build with the same OpenSSL version that OS has. So is it ok to use in production Apache with OpenSSL 1.1.0g with CentOS OpenSSL 1.0.2k?

        Thanks!

  2. Any chance you could enable mod_brotli ? I see that you do for nginx and it would be a nice feature to have.

  3. Hello,

    thank you for your work. I have question. I’m trying enable http 2.0 for virtual host. But I’m not sucessful. In online test sites server is Http2.0 ready – but when I see requests in browser via network console I see that http 1 is used only.
    Can you say me why please?

    Protocols h2 http/1.1
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    ….

    Thanks

    Pavel

    1. Hello Pavel,

      First, you need to check if your browser is compiled against TLS 1.0.2+ compatible libraries. So we need more details like OS/version, browser and its version and full URL you are checking.

      I suspect problem can be on your side or network (e.g. transparent proxies can break TLS ALPN negotiation).

      1. Hello,

        I tried FF 58.0.2 64b, Edge 41.16299.248.0. You can try it here – (removed by Alexander) (please after read it, delete this URL from this post).

        Thank you

        Pavel

          1. Thanky for your check. Where can be problem please? I tried other computer now + Chrome. WIthout effect. Still http 1.0. Any idea for this?

  4. Hi,
    I am trying to compile Apache 2.4.33 with OpenSSL 1.1.0h. But i keep getting this error message. I have been trying to go pass this issue for last 2 weeks. Can you please advice what i should be doing here ? Apologies if it is outside of the work published here.

    libapr-1.la -luuid -lrt -lcrypt -lpthread -lm -lssl -lcrypto -luuid -lrt -lcrypt -lthread
    ab.c: In function `ssl_print_cert_info’:
    ab.c:649 undefined reference to `X509_get_version’
    ab.c:651 undefined reference to `X509_getm_notBefore’
    ab.c:655 undefined reference to `X509_getm_notAfter’
    ab.c:571 undefined reference to `SSL_in_init’
    ab.c:571 undefined reference to `SSL_is_server’
    x509.h:97 undefined reference to `OPENSSL_sk_num’
    x509.h:97 undefined reference to `OPENSSL_sk_value’
    ab.c:1941 undefined reference to `SSL_in_init`
    …..


    collect2: ld returned 1 exit status
    make[2] *** [ab] Error 1
    make[2]: Leaving directory ‘/local/apache24buildx64/http-2.4.33/support’
    make[1]: *** [install-recursive] Error 1
    make[1]: Leaving directory ‘/local/apache24buildx64/httpd-2.4.33/support’
    make: *** [install-recursive] Error 1

  5. I love reading through and I believe this website got some genuinely utilitarian stuff on it! .

Leave a Reply

Your email address will not be published. Required fields are marked *