logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: SSLOpenSSLConfCmd invalid command
Author
spil



Joined: 27 Aug 2007
Posts: 6
PostPosted: Wed 20 May '15 9:23    Post subject: SSLOpenSSLConfCmd invalid command Reply with quote
Trying to set a specific dhparams file after yesterday's disclosure of the logjam vulnerability I found that the VC10 apache build 2.4.12/1.0.1m does not support the SSLOpenSSLConfCmd configuration directive

AH00526: Syntax error on line 130 of conf/httpd.conf:
Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration

Any pointers?
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3059
Location: Hilversum, NL, EU
PostPosted: Wed 20 May '15 9:53    Post subject: Reply with quote
Directive is available in httpd 2.4.8 and later, if using OpenSSL 1.0.2 or later.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
PostPosted: Wed 20 May '15 12:02    Post subject: Reply with quote
I don't use that directive (even though I could) and when I test my server I get
Quote:
Good News! This site uses strong (2048-bit or better) key exchange parameters and is safe from the Logjam attack.


I assume you are getting this directive reading this info from https://weakdh.org/sysadmin.html
Back to top
toothrot



Joined: 20 May 2015
Posts: 1
PostPosted: Wed 20 May '15 23:02    Post subject: Reply with quote
Steffen wrote:
1.0.2 or later.


Anyone know whether binaries with OpenSSL 1.0.2 will be uploaded at some point?
Back to top
Smitty



Joined: 03 Jan 2008
Posts: 197
PostPosted: Fri 22 May '15 16:05    Post subject: Reply with quote
I have the same question. Can we get an Apachelounge version built with OpenSSL 1.0.2a?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7306
Location: Germany, Next to Hamburg
PostPosted: Fri 22 May '15 16:46    Post subject: Reply with quote
In my last try in February httpd apache did not compile against 1.0.2 aka the build broke with that version.
Back to top
Smitty



Joined: 03 Jan 2008
Posts: 197
PostPosted: Fri 22 May '15 16:52    Post subject: Reply with quote
Did the problem get fixed in 1.0.2a that was released in March? I'm surprised if an issue has existed this long and hasn't been fixed. The 1.0.1 branch is only supported until December 2016.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7306
Location: Germany, Next to Hamburg
PostPosted: Tue 26 May '15 17:57    Post subject: Reply with quote
Only 1,5 years? Isn't that long enough to wait for apache compile against 1.0.2 ?
Back to top
Smitty



Joined: 03 Jan 2008
Posts: 197
PostPosted: Tue 26 May '15 20:18    Post subject: Reply with quote
LOL! Never hurts to be prepared ahead of time!
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7306
Location: Germany, Next to Hamburg
PostPosted: Tue 26 May '15 22:58    Post subject: Reply with quote
As you can see Steffen made it possible on Windows http://www.apachelounge.com/viewtopic.php?p=30548

I still struggle with that beast on my debian. The windows build will follow later.
Back to top


Reply to topic   Topic: SSLOpenSSLConfCmd invalid command View previous topic :: View next topic
Post new topic   Forum Index -> Apache