Apache httpd 2.4.38, собранный с Brotli, TLS 1.3 final (RFC 8446), OpenSSL 1.1.1a, ALPN и поддержкой http2 для Red Hat Enterprise Linux и CentOS

В репозиторий добавлен Apache httpd 2.4.38 с поддержкой сжатия brotli от Google, http2 для Red Hat Enterprise Linux и CentOS. Mod_ssl собран статически с OpenSSL 1.1.1a. Ссылки:

Заметим, что httpd 2.4.38 уже поддерживает TLS 1.3 при сборке с OpenSSL 1.1.1. Все новые шифры включены и работают.

TLS 1.3 final на сегодня работает в Google Chrome 70+ и Mozilla Firefox 63+.

Для работы с SELinux установите следующий boolean:

setsebool -P httpd_execmem=1

Модуль brotli уже включён в базовый RPM. Всё, что нужно — настроить фильтр

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Apache httpd 2.4.38, собранный с Brotli, TLS 1.3 final (RFC 8446), OpenSSL 1.1.1a, ALPN и поддержкой http2 для Red Hat Enterprise Linux и CentOS: 7 комментариев

  1. I have downloaded your SRPM for Centos 7 and am trying to build our own version. This is just so that we can validate the patches and the original apache source for PCI DSS reasons.
    I have disabled http2 and brotli support. I also downloaded a slightly later version of openssl and compiled that and updated the path in your spec file. A diff of your spec file is shown below so you can see exactly what we changed.
    The issue that we are having is that mod_ssl and httpd_tools have a dependency on libssl.so.1.1 and libcrypto.so.1.1 when we then go to install the rpm files so it looks like the srpm is not setup to statically link to openssl?

    Any suggestions?

    Thanks
    Gareth

    82c82
    BuildRequires: zlib-devel, libselinux-devel, lua-devel
    86c86
    Obsoletes: httpd-suexec
    92c92
    #Requires: mod_http2
    275,276c275,276
    < export CFLAGS="$RPM_OPT_FLAGS -I/root/openssl-1.1.1a"
    export CFLAGS=»$RPM_OPT_FLAGS -I/home/rpmbuild/openssl-1.1.1b»
    > export LDFLAGS=»-Wl,-z,relro,-z,now -L/home/rpmbuild/openssl-1.1.1b»
    305d304
    < —with-brotli \
    309c308
    —enable-ssl —with-ssl=/home/rpmbuild/openssl-1.1.1b —disable-distcache \

      1. Thank you very much for that.
        The first time it didn’t compile. I did a ‘make clean’ to start again from fresh and then it compiled fine and after rebuilding the rpm it installed without any dependency issues.

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *