Apache httpd 2.4.56-1 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8, Rocky Linux 8 added to repository. mod_http2 2.0.13 is built dynamically against OpenSSL 1.1.1t.
- CVE-2023-27522: HTTP response smuggling bug
- CVE-2023-25690: HTTP request smuggling vulnerability
We build OpenSSL+QUIC 1.1.1 separately since v2.4.53-2, installing it separately to /lib64 with .so.81.1.1 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages.
On EL8 and EL9 please enable httpd module:
dnf module enable httpd:codeit
3 thoughts on “Apache httpd 2.4.56 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1t with http2, mod_http2 2.0.13 and ALPN for Red Hat Enterprise Linux 7/8/9 and CentOS 7, Alma Linux 8/9, Rocky Linux 8/9”
I did a “yum update httpd” and “dnf update httpd” on my CentOS7 and Rocky8 servers.
On both servers, my httpd changed from 2.4.55 to 2.4.56, which is good.
But the OpenSSL/1.1.1q+quic remains as version 1.1.1q+.
I already did “dnf module enable httpd:codeit” and “yum upgrade openssl111-libs”.
How can I get the OpenSSL to version 1.1.1t, please?
Oops, sorry, I just found out by chance.
I had to do “yum update openssl-quic-libs.x86_64” to get latest OpenSSL library.
Yes, openssl-quic-libs is the right dependency now.