TLS 1.1 support in Apache 2.2 or latest

Discussion in 'Server Operation' started by max123, Nov 20, 2012.

  1. max123

    max123 New Member

    Hi all,
    i'm confused!
    i read as part of the features list for Apache 2.2
    http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
    that
    SSL_PROTOCOL string The SSL protocol version (SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2)


    however when i run the app using apache 2.2 i get following:
    [Thu Nov 08 13:38:54 2012] [notice] Apache/2.2.10 (Unix) DAV/2 mod_ssl/2.2.10 OpenSSL/0.9.7d mod_jk/1.2.26 configured -- resuming normal operations

    meaning i'm using apache 2.2 but with openssl 0.9 whcih according to what i read only supports upto TLSv1.0 and not above. to get TLS 1.1 apparently i need open ssl 1.0.1.
    https://community.qualys.com/thread/2013

    prooblem 1 - does apache 2.2 or 2.4 support TLS 1.1 or not? - documentation says it does via the mod ssl.

    if yes then how do i get TLS1.1 working? i would appreaciate some direction, app only way is to recompile with openssl 1.0 and that 2.2 does not support TLSv1.1,

    thanks
     
  2. max123

    max123 New Member

    ok. clarification and update - yes to get TLS 1.1 you do need to recompile using ssl 1.0.1
    standard apache version doesn't have TLS1.1 support
     
  3. Ben

    Ben New Member Moderator HowtoForge Supporter ISPConfig Developer

    Generally this depends on the openssl version your distribution's apache/nod_ssl.so was compiled with.

    Never the less you could compile openssl + apache yourself from the source to benefit from tls1.1+ etc.
    But then you also have to maintain this future on.
     

Share This Page