Apache httpd 2.4.34 with brotli support, built against OpenSSL 1.1.0i with http2 and ALPN for Red Hat Enterprise Linux and CentOS

Apache httpd 2.4.34-2 with brotli compression library from Google, http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS added to repository. Mod_ssl is built statically against OpenSSL 1.1.0i.

Links:

Since 2.4.29-2 release we start building Apache httpd against OpenSSL 1.1.0. Since 2.4.33 we added brotli compression library.

brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Http2 Apache httpd module no longer supports prefork mpm from version 2.4.27. If you need http2 module, please disable prefork mpm and enable evemt mpm in /etc/httpd/conf.modules.d/00-mpm.conf. We already made this in 00-mpm.conf in our packages. If you are updating other vendor installation, please update this file.

For correct work with SELinux please update the following boolean:

setsebool -P httpd_execmem=1

Feel free to use our CentOS/RHEL repository. Please also note that this package depends on apr-util 1.5.0+ and libnghttp, which you can found in EPEL repository. So, the easiest way to use our builds of Apache HTTPd is to add EPEL repository, if you still do not have it: yum install -y epel-release

18 thoughts on “Apache httpd 2.4.34 with brotli support, built against OpenSSL 1.1.0i with http2 and ALPN for Red Hat Enterprise Linux and CentOS”

        1. Thinking about it.
          Please note that TLS 1.3 release you mentioned is still not supported by browsers by default.
          Current Chrome 68 and Firefox 61 support TLS 1.3 draft 23 that is supported in 1.1.1-pre2 OpenSSL version.

          As soon as builds are very popular we are still waiting for OpenSSL 1.1.1 release and browsers support for TLS 1.3 final version (=draft 28).

          Reply

    1. Thank you for good news!
      I’ve been watching for their bugs list ๐Ÿ™‚

      Mozilla Firefox currently supports TLS 1.3 release, but Chrome does not (only draft 23 is supported).
      I think we will build new versions against 1.1.1 release anyway.

      Reply

  3. We are using this package on around 15 CentOS 7.5.1804 servers, and we are getting a random error. (because we all know how we all love random errors in this business)

    PHP Warning: hash_hmac(): Unknown hashing algorithm: sha1

    Our CMS rely heavily on hash (TYPO3) so the web is just dead.
    It can run flawlessly for days, then all of a sudden this error, and phpinfo shows the “Hashing Engines” as empty (usually shows all the available engines), then after a few minutes they all reappear and it all runs perfectly again.

    We really want to run this release (for the http2)
    Does anyone have any suggestions to what to try here? Apparently no one in the world (google) has knowingly had this issue.

    Any suggestions we can try is very much appreciated.

    Reply

    1. Hi Palle,

      What is your PHP version?
      We observed similar behavior with PHP 7.0 with MySQL constant of PDO extension.

      Please also note that php-fpm (running php as separate server) is recommended way to be used with new Apache versions.

      Reply

      2. Just wanted to let everyone know (that ends up here due to their google search on this issue). That setting up PHP-FPM seems to have fixed the issue for us (with the hash missing). Running on 2 weeks now without issues.

        Reply

    1. Hi Jeffrey,

      It was not officially released yet and it had some errors with TLS 1.3 enabled.
      I think all of them are fixed now, as soon as 2.4.37 was officially released some minutes ago ๐Ÿ™‚

      I will update production repo within next hour.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *