Author: Alexander Gerasimov

Apache httpd 2.4.55 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1s with http2, mod_http2 2.0.9 and ALPN for Red Hat Enterprise Linux 7/8/9 and CentOS 7, Alma Linux 8/9, Rocky Linux 8/9

Apache httpd 2.4.55-1 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8, Rocky Linux 8 added to repository. mod_http2 2.0.2 is built dynamically against OpenSSL 1.1.1s.

Fixed vulnerabilities:

  • CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
  • CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp Possible request smuggling
  • CVE-2006-20001: mod_dav out of bounds read, or write of zero byte

We build OpenSSL+QUIC 1.1.1 separately since v2.4.53-2, installing it separately to /lib64 with .so.81.1.1 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages.

On EL8 and EL9 please enable httpd module:

dnf module enable httpd:codeit

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like <pre>AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript</pre>

NGINX 1.23.3 QUIC with Brotli, TLS 1.3, OpenSSL 1.1.1s, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.23.3 mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge и ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 1.1.1s.

TLS 1.3 final works with Google Chrome 70+ and Mozilla Firefox 63+.

RHEL 7 / CentOS 7:

yum upgrade -y codeit-repo-release
yum-config-manager --enable CodeIT-quic --save

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9 repos are modular now.  To install nginx with HTTP/3 support, you need to enable the appropriate stream:

dnf module enable -y nginx:codeit-quic

We build OpenSSL+QUIC 1.1.1 separately since v1.21.6, installing it separately to /lib64 with .so.81.1.1 suffix to ensure it won’t interfere with your system libraries.

NGINX 1.23.3 mainline with Brotli, TLS 1.3, OpenSSL 1.1.1s, HTTP/2 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.23.3 mainline added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge и ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 1.1.1s.

TLS 1.3 final works with Google Chrome 70+ and Mozilla Firefox 63+.

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9 repos are modular now.  To install nginx mainline, you need to enable the appropriate stream:

dnf module enable -y nginx:codeit-mainline

We build OpenSSL+QUIC 1.1.1 separately since v1.21.6, installing it separately to /lib64 with .so.81.1.1 suffix to ensure it won’t interfere with your system libraries.

NGINX 1.22.1 stable with Brotli, TLS 1.3, OpenSSL 1.1.1r, HTTP/2 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.23.1 stable added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge и ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 1.1.1r.

TLS 1.3 final works with Google Chrome 70+ and Mozilla Firefox 63+.

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9 repos are modular now.  To install nginx mainline, you need to enable the appropriate stream:

dnf module enable -y nginx:codeit-mainline

We build OpenSSL+QUIC 1.1.1 separately since v1.21.6, installing it separately to /lib64 with .so.81.1.1 suffix to ensure it won’t interfere with your system libraries.

NGINX 1.23.2 QUIC with Brotli, TLS 1.3, OpenSSL 1.1.1r, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.23.2 mainline added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge и ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 1.1.1r.

TLS 1.3 final works with Google Chrome 70+ and Mozilla Firefox 63+.

RHEL 7 / CentOS 7:

yum upgrade -y codeit-repo-release
yum-config-manager --enable CodeIT-quic --save

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9 repos are modular now.  To install nginx with HTTP/3 support, you need to enable the appropriate stream:

dnf module enable -y nginx:codeit-quic

We build OpenSSL+QUIC 1.1.1 separately since v1.21.6, installing it separately to /lib64 with .so.81.1.1 suffix to ensure it won’t interfere with your system libraries.

NGINX 1.23.2 mainline with Brotli, TLS 1.3, OpenSSL 1.1.1r, HTTP/2 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.23.2 mainline added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge и ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 1.1.1r.

TLS 1.3 final works with Google Chrome 70+ and Mozilla Firefox 63+.

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9 repos are modular now.  To install nginx mainline, you need to enable the appropriate stream:

dnf module enable -y nginx:codeit-mainline

We build OpenSSL+QUIC 1.1.1 separately since v1.21.6, installing it separately to /lib64 with .so.81.1.1 suffix to ensure it won’t interfere with your system libraries.

NGINX 1.23.1 QUIC with Brotli, TLS 1.3, OpenSSL 1.1.1q, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.23.1 mainline added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge и ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 1.1.1q.

TLS 1.3 final works with Google Chrome 70+ and Mozilla Firefox 63+.

RHEL 7 / CentOS 7:

yum upgrade -y codeit-repo-release
yum-config-manager --enable CodeIT-quic --save

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9 repos are modular now.  To install nginx with HTTP/3 support, you need to enable the appropriate stream:

dnf module enable -y nginx:codeit-quic

We build OpenSSL+QUIC 1.1.1 separately since v1.21.6, installing it separately to /lib64 with .so.81.1.1 suffix to ensure it won’t interfere with your system libraries.

NGINX 1.23.1 mainline with Brotli, TLS 1.3, OpenSSL 1.1.1q, HTTP/2 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.23.1 mainline added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge и ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 1.1.1q.

TLS 1.3 final works with Google Chrome 70+ and Mozilla Firefox 63+.

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9 repos are modular now.  To install nginx mainline, you need to enable the appropriate stream:

dnf module enable -y nginx:codeit-mainline

We build OpenSSL+QUIC 1.1.1 separately since v1.21.6, installing it separately to /lib64 with .so.81.1.1 suffix to ensure it won’t interfere with your system libraries.

Apache httpd 2.4.54 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1o with http2, mod_http2 2.0.2 and ALPN for Red Hat Enterprise Linux 7/8 and CentOS 7, Alma Linux 8, Rocky Linux 8

Apache httpd 2.4.54-1 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8, Rocky Linux 8 added to repository. mod_http2 2.0.2 is built dynamically against OpenSSL 1.1.1o.

Fixed vulnerability: CVE-2022-26377: Apache HTTP Server: mod_proxy_ajp: Possible request smuggling.

We build OpenSSL+QUIC 1.1.1 separately since v2.4.53-2, installing it separately to /lib64 with .so.81.1.1 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages.

On EL8 please enable httpd module:

dnf module enable httpd:codeit

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like <pre>AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript</pre>