В репозиторий добавлен Apache httpd 2.4.43-2 с поддержкой сжатия brotli от Google, http2 для Red Hat Enterprise Linux и CentOS. Mod_ssl собран статически с OpenSSL 1.1.1f. Ссылки:
Заметим, что httpd 2.4.43 поддерживает TLS 1.3 при сборке с OpenSSL 1.1.1. Все новые шифры включены и работают.
TLS 1.3 final на сегодня работает в Google Chrome 70+ и Mozilla Firefox 63+.
Для работы с SELinux в rpm включена соответствующая минимальная политика.
Модуль brotli уже включён в базовый RPM. Всё, что нужно — настроить фильтр
AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript
Including mod_md in next Apache httpd rpm will be awesome.
With latest version al lot of bugs have been fixed in the module.
mod_md requires fresh curl that is not available on EL7.
You can ask mod_md authors to support older versions.
Hi, can you please tell me the upgradtion procedure of apache 2.4.37 to 2.4.43, as my current version is 2.4.37 but TLSv1.2 and TLSv1.3 saying unknown protocol though my openssl version is OpenSSL 1.1.1g , can yo please help how to resolve.
Hi. Please refer to your OS support team/forum for support.
mod_md is available from testing repository: https://repo.codeit.guru/packages/testing/x86_64/mod_md-2.4.43-3.codeit.el7.x86_64.rpm
I will test it asap, thanks
mod_md needs mod_ssl as a dependency, otherwise it will not work.
other than that it’s working fine.
thanks
Thank you for the confirmation.
I made a pull request to upstream: waiting for their comments.
https://github.com/apache/httpd/pull/108
Hiya, thanks a lot for this build.
I’m trying to install on centos 7 but apache wont start, it says
undefined symbol: apr_thread_mutex_timedlock
any ideas to fix this? thanks
I think you may also need to install apr and apr-util from our repo.
Hiya thanks for your reply, I have tried this but still stuck. tried removing apr* and then reinstalling everything from codeit
[root@ip-172-31-30-228 yum.repos.d]# yum list installed | grep apr
apr.x86_64 1.7.0-2.el7 @CodeIT
apr-util.x86_64 1.6.1-6.el7 @CodeIT
but restarting apache still gives me
/usr/sbin/httpd: symbol lookup error: /usr/sbin/httpd: undefined symbol: apr_thread_mutex_timedlock
so not sure why this is
Hi Alex,
Not sure if mod_http2(1.15.8) is worth having a new build?
🙂
Hello Jeffrey,
This includes code cleanup, stream id fixes and Windows crash fix.
I don’t think we are affected by any of these problems, so I would say we are safe to skip it.
Hi Alex,
Not sure if you run mod_reqtimeout & mod_http2 at the same time?
But anyway, it’s ok if it’s too much effort on this. 🙂
Hi Alex,
Seems like my case has been fixed in version 1.15.9.
Hi Jeffrey,
Released.
Openssl has issued 1.1.1g for CVE-2020-1967 (TLS1.3 related). As httpd is built statically with openssl, I’m afraid rebuilding is required.
Regards.
Exactly.
We’re testing a new build now with openssl 1.1.1g dynamic library in /opt/codeit directory and mod_md module.
Released.