logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS Twitter


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: mod_ssl warning (OpenSSL 3.1.1/3.0.9)
Author
RoyK



Joined: 08 Jun 2023
Posts: 2
Location: Japan,Tokyo

PostPosted: Thu 08 Jun '23 9:22    Post subject: mod_ssl warning (OpenSSL 3.1.1/3.0.9) Reply with quote

Hello,

Currently upgraded Apache 2.4.57 Win64(31 May '23 ver) from Apache 2.4.57 Win64(07 Apr '23 ver) .

On my environment, Apache is running with OpenSSL 3.0.9, which is LTS version,so I replace "libcrypto-3-x64.dll","libssl-3-x64.dll","openssl.exe" with 3.0.9 in "apache\bin".
(Keep original 3.1.1 version files on another directory)

Then, apache is running, TLS works, I get warning as below in error.log.

"this version of mod_ssl was compiled against a newer library (OpenSSL 3.1.1 30 May 2023, version currently loaded is OpenSSL 3.0.9 30 May 2023) - may result in undefined or erroneous behavior"

Is that mean using Apache Lounge binaries must be with OpenSSL 3.1.x?
Or should I ignore this warning?

Regards,

--
OS:Windows Server 2019 Standard
Apache 2.4.57 Win64(31 May '23 ver)
OpenSSL 3.0.9 x64
PHP 8.2.6
Back to top
DnvrSysEngr



Joined: 15 Apr 2012
Posts: 214
Location: Denver, CO USA

PostPosted: Fri 09 Jun '23 6:10    Post subject: Reply with quote

The version you downloaded was more than likely compiled with OpenSSL 3.1.1, thus the reason you are getting the error since you have manually replaced the the OpenSSL binaries and libraries with v3.0.9. Best to stick with the versions of OpenSSL that this particular build of Apache was compiled with.

Silly question - why are you trying to use / rollback to v3.0.9 of OpenSSL?

Just my 2 worth.
Back to top
RoyK



Joined: 08 Jun 2023
Posts: 2
Location: Japan,Tokyo

PostPosted: Fri 09 Jun '23 10:07    Post subject: Reply with quote

Thank you for reply.

The reason I Use OpenSSL v3.0.x is it has longer support (7th September 2026) than v3.1.x (14th March 2025).
Back to top
DnvrSysEngr



Joined: 15 Apr 2012
Posts: 214
Location: Denver, CO USA

PostPosted: Fri 09 Jun '23 23:04    Post subject: Reply with quote

Best to use what Apache was compiled with. 3.1.x branch will be extended out further than the 3.0.x branch.

Do not be concerned about 'End of Life.'
Back to top
Jan-E



Joined: 09 Mar 2012
Posts: 1246
Location: Amsterdam, NL, EU

PostPosted: Tue 13 Jun '23 16:10    Post subject: Reply with quote

DnvrSysEngr wrote:
3.1.x branch will be extended out further than the 3.0.x branch.

I would not be so sure about that. 3.0 is a LTS release and 3.1 is not. See for instance https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
Back to top
Jan-E



Joined: 09 Mar 2012
Posts: 1246
Location: Amsterdam, NL, EU

PostPosted: Tue 13 Jun '23 16:33    Post subject: Reply with quote

FWIW: PHP 8.3.0 Alpha 1 is built with OpenSSL 3.0. And even an old version: 3.0.8. See the downloads on https://windows.php.net/qa
Back to top
Jan-E



Joined: 09 Mar 2012
Posts: 1246
Location: Amsterdam, NL, EU

PostPosted: Tue 13 Jun '23 17:00    Post subject: Reply with quote

Compare 1.0.2 (LTS) with 1.1.0 (non LTS). The EOL of 1.0.2 was later than the EOL of 1.1.0. And even at this very moment you can still get paid Premium support for OpenSSL 1.0.2. When I switch to VS17 and OpenSSL 3, I will choose 3.0 because that one is the LTS version of 3.x.
https://endoflife.date/openssl
Back to top


Reply to topic   Topic: mod_ssl warning (OpenSSL 3.1.1/3.0.9) View previous topic :: View next topic
Post new topic   Forum Index -> Apache