logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> News & Hangout View previous topic :: View next topic
Reply to topic   Topic: Apache 2.4.26-Dev Win64 -- When Stable?
Author
alexjohnb



Joined: 26 Aug 2011
Posts: 22
Location: Middlesex University

PostPosted: Tue 02 May '17 11:32    Post subject: Apache 2.4.26-Dev Win64 -- When Stable? Reply with quote

Hi Steffen,

When will the "Apache 2.4.26-Dev Win64" be reclassified as a Production release? Or would you advise that if we need to get Apache running on Windows with OpenSSL 1.1.0, then we should deploy this release on a production server?

Many thanks!

Regards,

Alex
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

PostPosted: Tue 02 May '17 12:21    Post subject: Reply with quote

ASF is in the process to get it final, no crucial changes are expected.
Next month final I expect.

But abs.exe is not working with 1.1.0, that is maybe not a big deal. Hope it is fixed before final.

And mod_session_crypto is only now working with APR & APR-UTIL 1.6, so planned is to ship (as we do now) the next final 2.4.x with APR & APR-UTIL 1.6.1-dev.

Planned:

VC11/14 only with OpenSSL 1.0.2
VC15 only with OpenSSL 1.1.0

This in line with the PHP-team policy, which we follow:

PHP 7.2 vc15 with OpenSSL 1.1.0
PHP 7.1 vc14 with Openssl 1.0.2
PHP 5.6 vc11 with OpenSSL 1.0.2

In principal we could drop VC14 and have only vc15 1.0.2 and 1.1.0:

vc15 is backward compatible to vc14. That means, a vc14 module can sure be used inside vc15 binary. Thus, same for Apache and PHP as module. Regarding OpenSSL - the applink technology I introduced back then is in first place about staying compatible with different CRT. Even if it is promised to provide also compatibility between different versions, we've seen that it's not always true, recall the case where OpenSSL broke ABI by disabling weak ciphers.

Thus - in general dropping is OK, as long as the OpenSSL series matches, say both PHP and Apache are linked with either 1.0, or both with 1.1. For FCGI it of course doesn't matter, but for PHP as module. As httpd.exe provides the applink symbol, the PHP DLL will find it and possibly use incompatible routines. With this in mind, I wouldn't expect any issues if both bins are linked with same OpenSSL series. At apachelounge it is tested a no issues.
Back to top
Jan-E



Joined: 09 Mar 2012
Posts: 1248
Location: Amsterdam, NL, EU

PostPosted: Tue 02 May '17 17:12    Post subject: Re: Apache 2.4.26-Dev Win64 -- When Stable? Reply with quote

alexjohnb wrote:
When will the "Apache 2.4.26-Dev Win64" be reclassified as a Production release? Or would you advise that if we need to get Apache running on Windows with OpenSSL 1.1.0, then we should deploy this release on a production server?

Just curious: why do you need OpenSSL 1.1.0? OpenSSL 1.0.2 has a longer lifetime:
https://www.openssl.org/policies/releasestrat.html
Back to top
Jan-E



Joined: 09 Mar 2012
Posts: 1248
Location: Amsterdam, NL, EU

PostPosted: Tue 09 May '17 18:06    Post subject: Reply with quote

I did not test it yet, but would it be possible to drop TLSv1 and TLSv1.1 support after switching to OpenSSL 1.1.0?

Somebody in php.internals noticed that quite a bit of websites are switching to TLS v1.2 only.
See https://externals.io/thread/864

BTW: OpenSSL 1.1.1 will be binary compatible with OpenSSL 1.1.0 and support TLS v1.3:
https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Sun 14 May '17 12:15    Post subject: Reply with quote

Jan-E wrote:
I did not test it yet, but would it be possible to drop TLSv1 and TLSv1.1 support after switching to OpenSSL 1.1.0?


I made some tests over the last weeks with positiv results running ony TLSv1.2

Only some very old Android users were not able to connect.
Back to top
daniel1975



Joined: 05 Feb 2006
Posts: 24
Location: RO, Lugoj

PostPosted: Tue 13 Jun '17 23:40    Post subject: Re: Apache 2.4.26-Dev Win64 -- When Stable? Reply with quote

Any news regarding a stable/production release of Apache 2.4.26?
Back to top
tavrez



Joined: 06 May 2017
Posts: 6

PostPosted: Wed 14 Jun '17 2:29    Post subject: Re: Apache 2.4.26-Dev Win64 -- When Stable? Reply with quote

2.4.26 tagged today, which means it's almost stable and we see an official release soon
Back to top
daniel1975



Joined: 05 Feb 2006
Posts: 24
Location: RO, Lugoj

PostPosted: Wed 14 Jun '17 10:15    Post subject: Apache 2.4.26 almost production Reply with quote

Thanks tavrez for the good news!
I am looking forward to have it soon.
Back to top


Reply to topic   Topic: Apache 2.4.26-Dev Win64 -- When Stable? View previous topic :: View next topic
Post new topic   Forum Index -> News & Hangout