Apache httpd 2.4.53, собранный с Brotli, TLS 1.3 final (RFC 8446), OpenSSL 1.1.1m, ALPN и поддержкой http2 для Rocky Linux, Red Hat Enterprise Linux, Alma Linux и CentOS

В репозиторий добавлен Apache httpd 2.4.53-1 с поддержкой сжатия brotli от Google, mod_http2 2.0.2 для Red Hat Enterprise Linux, Rocky Linux, Alma Linux и CentOS. Mod_ssl собран динамически с OpenSSL 1.1.1m.
Ссылки:

Apache httpd 2.4.53 для EL7;

Заметим, что httpd 2.4.53 поддерживает TLS 1.3 при сборке с OpenSSL 1.1.1. Все новые шифры включены и работают.
C версии 2.4.43-4 мы собираем OpenSSL отдельно, он устанавливается в /opt/codeit/openssl111 и никак не затрагивает системные библиотеки.

TLS 1.3 final на сегодня работает в Google Chrome 70+ и Mozilla Firefox 63+.

Для работы с SELinux в rpm включена соответствующая минимальная политика.

Модуль brotli уже включён в базовый RPM. Всё, что нужно — настроить фильтр

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

8 thoughts on “Apache httpd 2.4.53, собранный с Brotli, TLS 1.3 final (RFC 8446), OpenSSL 1.1.1m, ALPN и поддержкой http2 для Rocky Linux, Red Hat Enterprise Linux, Alma Linux и CentOS”

Jonah Yong at Earth Observatory of Singapore says:

March 25, 2022 at 3:13 am

Hi Alexander,

I just updated my httpd (CentOS7) from the CodeIT repository today. But the headers show Apache 2.4.53 with OpenSSL-1.1.1l (instead of OpenSSL-1.1.1m), like this:

Apache/2.4.53 (codeit) OpenSSL/1.1.1l mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 PHP/7.4.28

Could there be a mistake? Any chance that you will be releasing something with OpenSSL-1.1.1n (instead of m), soon?

Thanks,
Jonah

Reply
1. Alexander Gerasimov says:
  
  March 25, 2022 at 9:27 am
  
  Hi Jonah,
  
  Please run
  
  yum upgrade openssl111-libs
  
  We already have openssl 1.1.1n from the very first day of its release.
  
  Reply
  1. Jonah Yong at Earth Observatory of Singapore says:
    
    March 28, 2022 at 7:24 am
    
    Hi Alexander,
    
    Thank you very much for your solution. I have successfully followed your instructions and it has solved my problem.
    
    Thank you for taking care of these OpenSSL things for all of us,
    Jonah
    
    Reply
Jonah Yong at Earth Observatory of Singapore says:

March 25, 2022 at 3:15 am

Oh dear! I’m so sorry! I was unaware you are located in Ukraine. Stay stafe.

Reply
1. Alexander Gerasimov says:
  
  March 25, 2022 at 9:32 am
  
  We are now working from the relatively safe place, so builds are on-time for now.
  Ukrainian Army performs well, so we can continue the builds now.
  
  Reply
Jonah Yong at Earth Observatory of Singapore says:

March 28, 2022 at 6:00 am

I am so relieved that you are safe, and not only for my own selfish reasons for using CodeIT repo. I am genuinely happy that you are alive and healthy because you are such good people who are performing a valuable service that is available to the public for free.

Reply
Stefan says:

March 28, 2022 at 2:33 pm

Dear Alex stay safe.

i do however have question.

on my almalinux 8 machine i enable the codeit repo and then try to disabable the httpd module:

i then get this error:
AlmaLinux 8 – BaseOS 11 kB/s | 4.3 kB 00:00
AlmaLinux 8 – AppStream 12 kB/s | 4.7 kB 00:00
AlmaLinux 8 – Extras 9.9 kB/s | 3.9 kB 00:00
Remi’s RPM repository for Enterprise Linux 8 – x86_64 51 kB/s | 3.0 kB 00:00
Safe Remi’s RPM repository for Enterprise Linux 8 – x86_64 7.5 kB/s | 833 B 00:00
Error: Problems in request:
Modular dependency problems:

Problem: module php:7.2:8030020210119114311:2c7ca891.x86_64 requires module(httpd:2.4), but none of the providers can be installed
– conflicting requests

After that i get no update from codeit.

how can i fix this?

regards and the outmost respect,

Stefan

Reply
1. Alexander Gerasimov says:
  
  March 29, 2022 at 7:17 pm
  
  Dear Stefan,
  Thanks!
  Please also try to disable php module to install php from remi:
  dnf module disable php
  
  Reply