Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: OpenSSL 4 support for apache 2.4.68? |
|
| Author |
|
SystemsadminAS
Joined: 02 Jun 2026
Posts: 1
|
 Posted: Tue 02 Jun '26 17:35 Post subject: OpenSSL 4 support for apache 2.4.68? |
 |
|
| A number of apps we use have recently begun supporting OpenSSL 4.0 (two of which we proxy through Apache 2.4.67) - couldn't find anything definitive yet, but is it expected in 2.4.68? |
|
| Back to top |
|
Monika
Joined: 29 Apr 2026
Posts: 1
Location: CZ, UH
|
| Posted: Tue 02 Jun '26 20:59 Post subject: Re: OpenSSL 4 support for apache 2.4.68? |
|
|
I always use the latest openssl unofficially.
I am using openssl 4 with apache version 2.4.67:
libcrypto-4-x64.dll
libcrypto-3-x64.dll (renamed libcrypto-4-x64.dll)
libssl-4-x64.dll
libssl-3-x64.dll (renamed libssl-4-x64.dll)
httpd.conf (example in relative usage):
LoadFile "bin/libssl-4-x64.dll"
LoadFile "bin/libcrypto-4-x64.dll"
phpinfo:
| Code: | Apache Version Apache/2.4.67 (Win64) PHP/8.5.6 OpenSSL/4.0.0
...
OpenSSL support enabled
OpenSSL Library Version OpenSSL 4.0.0 14 Apr 2026 |
Apache is running with Openssl 4 on https. |
|
| Back to top |
|
nono303
Joined: 20 Dec 2016
Posts: 231
Location: Lille, FR, EU
|
| Posted: Wed 03 Jun '26 17:20 Post subject: |
|
|
Hi
FYI, I've just had a quick test building httpd 2.4.67 with openssl 4.0.0 and it’s failed as ASN1_STRING has been made opaque
| Code: | modules\ssl\ssl_engine_ocsp.c(42): error C2037: left of 'data' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_ocsp.c(41): error C2198: 'char *apr_pstrdup(apr_pool_t *,const char *)': too few arguments for call
modules\ssl\ssl_engine_vars.c(700): error C2037: left of 'type' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_vars.c(700): error C2037: left of 'length' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_vars.c(701): error C2037: left of 'type' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_vars.c(701): error C2037: left of 'length' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_vars.c(706): error C2037: left of 'type' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_vars.c(707): error C2037: left of 'data' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_vars.c(709): error C2037: left of 'data' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_vars.c(711): error C2037: left of 'data' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_vars.c(711): error C2037: left of 'data' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_vars.c(712): error C2037: left of 'data' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_vars.c(1031): error C2037: left of 'data' specifies undefined struct/union 'asn1_string_st'
modules\ssl\ssl_engine_vars.c(1037): error C2037: left of 'length' specifies undefined struct/union 'asn1_string_st' |
Applied #642 [2.4.x] Fix OpenSSL 4.0 compat >> build and run fine 
Note that some changes occur on openssl list -tls1_3 -tls-groups & openssl list -tls1_2 -tls-groups that might require some change in your conf
For me, I had to remove sect571r1:sect571k1:sect409k1:sect409r1 from SSLOpenSSLConfCmd Groups |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3193
Location: Hilversum, NL, EU
|
| Posted: Fri 05 Jun '26 16:49 Post subject: |
|
|
OpenSSL 4 introduces support for Encrypted Client Hello (ECH), which has recently been standardized as RFC 9849. The fact that there are many backward-incompatible changes in this version and that it doesn't come with long-term support, probably means that most distributions will skip it. According to the roadmap, the next LTS version is expected about this time next year.
Think we stay with 3 in 2.4.68. |
|
| Back to top |
|
tangent
Moderator
Joined: 16 Aug 2020
Posts: 448
Location: UK
|
| Posted: Fri 05 Jun '26 17:55 Post subject: |
|
|
| nono303 wrote: | Hi
FYI, I've just had a quick test building httpd 2.4.67 with openssl 4.0.0 and it’s failed as ASN1_STRING has been made opaque
| Code: | modules\ssl\ssl_engine_ocsp.c(42): error C2037: left of 'data' specifies undefined struct/union 'asn1_string_st'
etc...
|
Applied #642 [2.4.x] Fix OpenSSL 4.0 compat >> build and run fine 8)
|
When I try building the full stack (CMake HowTo) with OpenSSL 4.0.0, I get fatal errors from APR-UTIL, which fails since the ENGINE API has been deprecated in OpenSSL 4.
Can you clarify how you're managing to build HTTPD and APR with OpenSSL 4.0.0? |
|
| Back to top |
|
|
|
|
|
|
