Apache httpd 2.4.43-2 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1f with http2 and ALPN for Red Hat Enterprise Linux 7 and CentOS 7

Apache httpd 2.4.43-2 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS added to repository. Mod_ssl is built statically against OpenSSL 1.1.1f.

Links:

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default.

Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+.

brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Http2 Apache httpd module no longer supports prefork mpm from version 2.4.27. If you need http2 module, please disable prefork mpm and enable evemt mpm in /etc/httpd/conf.modules.d/00-mpm.conf. We already made this in 00-mpm.conf in our packages. If you are updating other vendor installation, please update this file.

We already included a minimum required SELinux policy into the package.

Feel free to use our CentOS/RHEL repository. Please also note that this package depends on apr-util 1.5.0+ and libnghttp, which you can found in EPEL repository. So, the easiest way to use our builds of Apache HTTPd is to add EPEL repository, if you still do not have it: yum install -y epel-release

19 thoughts on “Apache httpd 2.4.43-2 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1f with http2 and ALPN for Red Hat Enterprise Linux 7 and CentOS 7”

  1. Including mod_md in next Apache httpd rpm will be awesome.
    With latest version al lot of bugs have been fixed in the module.

      1. Hi, can you please tell me the upgradtion procedure of apache 2.4.37 to 2.4.43, as my current version is 2.4.37 but TLSv1.2 and TLSv1.3 saying unknown protocol though my openssl version is OpenSSL 1.1.1g , can yo please help how to resolve.

      1. mod_md needs mod_ssl as a dependency, otherwise it will not work.
        other than that it’s working fine.
        thanks

  2. Hiya, thanks a lot for this build.

    I’m trying to install on centos 7 but apache wont start, it says

    undefined symbol: apr_thread_mutex_timedlock

    any ideas to fix this? thanks

      1. Hiya thanks for your reply, I have tried this but still stuck. tried removing apr* and then reinstalling everything from codeit

        [root@ip-172-31-30-228 yum.repos.d]# yum list installed | grep apr
        apr.x86_64 1.7.0-2.el7 @CodeIT
        apr-util.x86_64 1.6.1-6.el7 @CodeIT

        but restarting apache still gives me
        /usr/sbin/httpd: symbol lookup error: /usr/sbin/httpd: undefined symbol: apr_thread_mutex_timedlock

        so not sure why this is

      1. Hi Alex,

        Not sure if you run mod_reqtimeout & mod_http2 at the same time?
        But anyway, it’s ok if it’s too much effort on this. 🙂

  3. Openssl has issued 1.1.1g for CVE-2020-1967 (TLS1.3 related). As httpd is built statically with openssl, I’m afraid rebuilding is required.

    Regards.

Leave a Reply to Alexander Gerasimov Cancel reply

Your email address will not be published. Required fields are marked *