Can I upgrade OpenSSL version used by apache without recompiling the server but just mod_ssl?


Solution 1

The mod_ssl.so library is dynamically linked to OpenSSL:

$ ldd mod_ssl.so | egrep 'lib(ssl|crypto)'
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f23f7209000)
    libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f23f6e26000)

As long as your upgrade of OpenSSL does not change the path to the library, all you need to do is upgrade OpenSSL, and then restart Apache so that the new OpenSSL library is loaded. The last time that OpenSSL changed the library paths was in 1.0.0, I believe, so if you are updating from 1.0.0 or later, it should be fine. If you are upgrading from an older version (e.g. 0.9.8), you will need to rebuild mod_ssl after rebuilding OpenSSL.
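One way to confirm that the restart described in Solution 1 actually picked up the new library, as an added example that is not part of the original answers. It assumes Linux, where `/proc/<pid>/maps` marks a mapped file that was replaced on disk with "(deleted)"; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answers. Assumes Linux (/proc, ldd).

# Read `ldd` output on stdin; print the OpenSSL sonames the module requires.
needed_ssl_sonames() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ { print $1 }' | sort -u
}

# Read /proc/<pid>/maps content on stdin; print OpenSSL libraries that are
# still mapped but were replaced on disk (the kernel appends "(deleted)").
stale_ssl_maps() {
    awk '/lib(ssl|crypto)\.so/ && /\(deleted\)$/ { print $6 }' | sort -u
}

# Constructed sample: maps of an httpd started before a package upgrade.
sample_maps() {
    cat <<'EOF'
7f23f6e26000-7f23f6fdb000 r-xp 00000000 fd:01 131 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f23f7209000-7f23f726c000 r-xp 00000000 fd:01 132 /usr/lib64/libssl.so.1.0.1e (deleted)
7f23f726c000-7f23f746b000 ---p 00063000 fd:01 132 /usr/lib64/libssl.so.1.0.1e (deleted)
7f23f7a00000-7f23f7a40000 r-xp 00000000 fd:01 140 /usr/lib64/httpd/modules/mod_ssl.so
EOF
}

# Live check: $1 is the module path, $2 the PID of a running httpd process.
check_httpd() {
    echo "sonames required by $1:"
    ldd "$1" | needed_ssl_sonames
    stale=$(stale_ssl_maps < "/proc/$2/maps")
    if [ -n "$stale" ]; then
        echo "PID $2 still maps replaced libraries; restart Apache:"
        echo "$stale"
        return 1
    fi
    echo "PID $2 maps the OpenSSL files currently on disk"
}

if [ "$#" -eq 2 ]; then
    check_httpd "$1" "$2"
else
    sample_maps | stale_ssl_maps   # demo on the constructed sample
fi
```

Run it with the module path and an httpd PID as arguments; a non-empty "still maps" list means the process is running the pre-upgrade OpenSSL code until Apache is restarted.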

Solution 2

I strongly suggest upgrading your distribution; both Apache 2.2 and OpenSSL 0.9 are VERY, VERY, VERY old and hardly supported any longer.

If that is not an option, you will need to install dev headers for your installed OpenSSL version and recompile mod_ssl against them. That is, if you are using Gentoo or other "do it yourself" kind of distro.

Else, just man up and upgrade. It is LONG overdue in your case.


Author: user3019105

Updated on September 18, 2022

Comments

  • user3019105 almost 2 years

    I have an Apache server on a Unix machine:

    Apache/2.2.29 (Unix) OpenSSL/0.9.8zg

    I would like to upgrade the OpenSSL version to 1.0.2, which is the version currently installed on my system:

    machine:/ user$ openssl version
    OpenSSL 1.0.2d 9 Jul 2015
    

    Can I do that without recompiling the whole server? Do I have to recompile mod_ssl only as it is loaded inside httpd.conf with LoadModule?:

    LoadModule ssl_module modules/mod_ssl.so
    

    How can I do that?

  • sam_pan_mariusz almost 9 years
    Years ago, I tried to upgrade libssl from 0.9.7 to 0.9.8 IIRC. The filename has changed, so I symlinked it to the old one. This, however, failed completely, probably due to an API change. I can't tell if there's such a change after 1.0.0, but if the OP upgrades OpenSSL to improve security, I'd recommend upgrading httpd to 2.4 anyway, as there are important security enhancements - search for Logjam and Diffie-Hellman Groups with Apache 2.2. To have it fixed in 2.2, patching is needed (and so recompilation).