Author |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 2930 Location: Hilversum, NL, EU
|
Posted: Tue 04 Jan '22 17:24 Post subject: Apache build with Visual Studio 2022 (VS17) download |
|
|
Had some spare time and build Apache with Visual Studio 2022 (VS17).
https://www.apachelounge.com/download/VS17/binaries/httpd-2.4.52-win64-VS17-openssl3.0.1.zip
https://www.apachelounge.com/download/VS17/binaries/httpd-2.4.52-win64-VS17-openssl1.1.1m.zip
Build with OpenSSL 3.0.1 and 1.1.1m
LUA upgraded to 5.4.3 (was 5.2.4)
APR fix for the handle leak, see www.apachelounge.com/viewtopic.php?p=40768
Also Included in the .zip:
mod_fcgid
mod_security 2.9.5 with LUA 5.3.6(was 5.2.4) libxml2-2.9.12 pcre-8.45 yajl-2.1.0 curl-7.80.0
Notes on OpenSSL 3.0.1:
- Is not compatible with PHP running as module (see below).
Running with mod_fcgid no issues seen.
- With too weak certificates/ciphers Apache not starts (see below).
Use then the Openssl 1.1.1m download.
Other modules you can use the VS16, compatible.
!! Do not forget to install the Visual C++ Redistributable for Visual Studio 2015-2022 x64 from the VS16 download page.
Build with dependencies:
- openssl 3.0.1 and 1.1.1m
- nghttp2 1.46.0
- jansson 2.14
- curl 7.80.0
- apr 1.7.0 with handle leak fix
- apr-util 1.6.1
- apr-iconv 1.2.2
- zlib 1.2.11
- brotli 1.0.9
- pcre 8.45
- libxml2 2.9.12
- lua 5.4.3
- expat 2.4.1
Enjoy, Steffen |
|
Back to top |
|
dmye
Joined: 23 Nov 2021 Posts: 4
|
Posted: Wed 05 Jan '22 6:59 Post subject: |
|
|
Failed to configure certificate ,SSL routines::ca md too weak. Does not support sha1
consider build openssl DOPENSSL_TLS_SECURITY_LEVEL=0 |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 2930 Location: Hilversum, NL, EU
|
Posted: Wed 05 Jan '22 8:39 Post subject: |
|
|
Thanks for testing. OpenSSL advises: I would advise against setting this define at all. The default is 1 for a reason. Allowing weaker security than that is usually a bad idea. Level 0 imposes no restrictions and is potentially insecure. You aren’t very likely to need this level in practice. Level 1 is slightly better but still allows weak elements. You may need this level for interoperability purposes with legacy systems. Level 1 is the default security level in OpenSSL.
See for explanation of the levels https://apaste.info/f9GJ (= \doc\man3\SSL_CTX_set_security_level.pod):
Level 0 - Insecure
Everything is permitted. This retains compatibility with previous versions of
OpenSSL.
Level 1 - Weak
The security level corresponds to a minimum of 80 bits of security. Any
parameters offering below 80 bits of security are excluded. As a result RSA,
DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits
are prohibited. All export cipher suites are prohibited since they all offer
less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite
using MD5 for the MAC is also prohibited. Note that signatures using SHA1
and MD5 are also forbidden at this level as they have less than 80 security
bits.
Please try build with 1.1.1m. Download in the start post. |
|
Back to top |
|
Otomatic

Joined: 01 Sep 2011 Posts: 81 Location: Paris, France, EU
|
Posted: Wed 05 Jan '22 15:46 Post subject: |
|
|
In each case, exactly the same configuration with PHP as Apache module:
- PHP 7.4.27
LoadModule php7_module "${INSTALL_DIR}/bin/php/php7.4.27/php7apache2_4.dll"
- PHP 8.0.14
LoadModule php_module "${INSTALL_DIR}/bin/php/php8.0.14/php8apache2_4.dll"
- PHP 8.1.1
LoadModule php_module "${INSTALL_DIR}/bin/php/php8.1.1/php8apache2_4.dll"
- Switching from Apache 2.4.52 64bit VS16 to Apache 2.4.52 64bit VS17
php_error.log with PHP 7.4.27
Code: | [05-Jan-2022 13:13:07 UTC] PHP Warning: PHP Startup: Unable to load dynamic library 'curl' (tried: E:/wamp64/bin/php/php7.4.27/ext/curl (Le module spécifié est introuvable.), E:/wamp64/bin/php/php7.4.27/ext/php_curl.dll (Le module spécifié est introuvable.)) in Unknown on line 0
[05-Jan-2022 13:13:07 UTC] PHP Warning: PHP Startup: Unable to load dynamic library 'ldap' (tried: E:/wamp64/bin/php/php7.4.27/ext/ldap (Le module spécifié est introuvable.), E:/wamp64/bin/php/php7.4.27/ext/php_ldap.dll (Le module spécifié est introuvable.)) in Unknown on line 0
[05-Jan-2022 13:13:07 UTC] PHP Warning: PHP Startup: Unable to load dynamic library 'openssl' (tried: E:/wamp64/bin/php/php7.4.27/ext/openssl (Le module spécifié est introuvable.), E:/wamp64/bin/php/php7.4.27/ext/php_openssl.dll (Le module spécifié est introuvable.)) in Unknown on line 0 | Same errors with PHP 8.0.14 and PHP 8.1.1
Nota : Le module spécifié est introuvable = The specified module cannot be found.
No problem with Apache 2.4.52 64bit VS16 |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 2930 Location: Hilversum, NL, EU
|
Posted: Wed 05 Jan '22 16:59 Post subject: |
|
|
Thanks for testing. It is known that PHP and Apache can have issues if not the same OpenSSL version.
Users running php with mod_fcgid have no isses.
Please try build with 1.1.1m. Download in the start post. |
|
Back to top |
|
Otomatic

Joined: 01 Sep 2011 Posts: 81 Location: Paris, France, EU
|
Posted: Wed 05 Jan '22 20:13 Post subject: |
|
|
Thank you very much!
No more problems with OpenSSL 1.1.1m with PHP 7,8 and 8.1 both in Apache module and in mod_fcgid.
Have a nice evening. |
|
Back to top |
|
admin Site Admin

Joined: 15 Oct 2005 Posts: 646
|
Posted: Thu 06 Jan '22 11:29 Post subject: |
|
|
Added the following notes for OpenSSL 3.0.1 in the start post :
Notes on OpenSSL 3.0.1:
- Is not compatible with PHP running as module.
Running with mod_fcgid no issues seen
- With too weak certificates/ciphers Apache not starts.
Use then the Openssl 1.1.1m download
Last edited by admin on Fri 07 Jan '22 10:21; edited 1 time in total |
|
Back to top |
|