Author |
|
mparamas
Joined: 09 Apr 2014 Posts: 1 Location: US/Indianapolis
|
Posted: Wed 09 Apr '14 20:42 Post subject: PHP 5.5.11 with OpenSSL 1.0.1f |
|
|
admin wrote: | Stop apache and/or apachemonitor
Copy all files over, except (config) files you changed
Start apache |
Thanks. Updated from Apache2.4.8. Now I have:
Apache/2.4.9 (Win64) OpenSSL/1.0.1g PHP/5.5.11
(Everything works without having to get CA certificates re-issued.)
However PHP 5.5.11 reports 1.0.1f in OpenSSL Header Version, as shown below:
OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1g 7 Apr 2014
OpenSSL Header Version OpenSSL 1.0.1f 6 Jan 2014
I am bring this to your attention. |
|
Back to top |
|
Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
|
Posted: Thu 10 Apr '14 21:14 Post subject: |
|
|
admin wrote: | Stop apache and/or apachemonitor
Copy all files over, except (config) files you changed
Start apache
|
I have few 2.4.3 instances which i would like not to upgrade to 2.4.9 but fix openssl only - should i replace the dlls only or/and mod_ssl.so as well ? |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3091 Location: Hilversum, NL, EU
|
Posted: Thu 10 Apr '14 21:27 Post subject: |
|
|
For The Heartbleed Bug you should be fine by only replacing the dll's. (I removed the note). Must say that I did not tested it.
Btw. Upgrading by copying 2.4.9 over cost the same time. And 2.4.9 has huge fixes/improvements over 2.4.3. |
|
Back to top |
|
Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
|
Posted: Thu 10 Apr '14 21:49 Post subject: |
|
|
You are right Steffen about the cost/time of upgrade. The problem is that i had quite complicated configuration with lot of different modules and i'm not sure of their stability under 2.4.9. As you probably know (because of my posts on this forum), most of my instances are under heavy load, i would like to avoid unecessary downtimes because of unstable/not working properly modules etc.
Should i also change mod_ssl.so file ?
Would it be compatibile/stable if i take mod_ssl.so from 2.4.9 which is V11 compiled, and use it with 2.4.3 which is V10 (or V9?) compiled ? |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3091 Location: Hilversum, NL, EU
|
Posted: Thu 10 Apr '14 21:54 Post subject: |
|
|
I meant take only the dll's and exe's in the /bin folder form the 1.0.1g zip with date April 2014. Do not mix VC10 VC11 in this case. |
|
Back to top |
|
Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
|
Posted: Thu 10 Apr '14 22:01 Post subject: |
|
|
Ok. Last question - I have 2.4.3-x64 version (built Aug/18/2012 from apachelounge) with 1.0.1c SSL. Is it enough to replace libeay32.dll ssleay32.dll and openssl.exe in bin directory with the dlls and exe from 2.4.9 x64 ? |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Thu 10 Apr '14 23:04 Post subject: |
|
|
I do not think that works because mod_ssl is also linked against libeay32 & ssleay32 DLLs. So take modules/mod_ssl also .... you will gain the changes to it as well. |
|
Back to top |
|
Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
|
Posted: Thu 10 Apr '14 23:27 Post subject: |
|
|
Should i take files from 2.4.9 V10 or V11 ?
Edit : When i tried of replacing the mod_ssl.so with dlls and exe i got this error :
Code: |
httpd.exe: Syntax error on line 162 of C:/Apache24/conf/httpd.conf: Cannot l
modules/mod_ssl.so into server: The specified procedure could not be found.
|
I had left the mod_ssl.so untouched, upgrading the dlls and exe only - it worked.
Update :
1. Upgrade 2.4.3 64bit V10 not working with dlls+exe from 2.4.9 64bit V11
2. Upgrade 2.4.9 64bit V11 (ssl - 1.0.1f) working with dlls+exe from 2.4.9 64bit V11 (ssl - 1.0.1g).
BTW : Really nice piece of article about this issue - http://www.troyhunt.com/2014/04/everything-you-need-to-know-about.html
Last edited by Qmpeltaty on Fri 11 Apr '14 0:32; edited 2 times in total |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Fri 11 Apr '14 0:05 Post subject: |
|
|
I always advise matching VC versions, regardless of what MS or anyone may say. So if your 2.4.3 is built with VC10, use the 2.4.9 VC10.
However, if that is what you did which did not work, and just upgrading the OpenSSL files worked, stick with that then. |
|
Back to top |
|
NewEraCracker
Joined: 23 Aug 2010 Posts: 36
|
Posted: Sat 12 Apr '14 1:54 Post subject: |
|
|
Hello,
Thanks for the update. I have applied it in my server without any problems.
From what I could see from a quick compare, the files that were changed in distribution are:
abs.exe
libeay32.dll
openssl.exe
ssleay32.dll
modules/mod_ssl.so
Regards,
NewEraCracker |
|
Back to top |
|
CamaroSS
Joined: 24 Jan 2013 Posts: 78 Location: RF, Tver
|
Posted: Wed 16 Apr '14 8:30 Post subject: |
|
|
Just curious, if this issue has any practical meaning with Apache on Windows, since there is one thread per connection? |
|
Back to top |
|