Hi Balaji,
Thanks a lot for your prompt response. Yes we already have 0.9.8t shipped with apache applied on our server. You are right we are trying to apply the patch for June 5 so ensure we are on latest SSL and as the default mod_ssl is for 0.9.8t it throws an error.
I guess as you said I would need to rebuild the mod_ssl myself as there is no formal release for the same support OpenSSL 1.0.1h as yet.
Thanks again.
From: Balaji Katika [mailto:balaji.katika@xxxxxxxxx]
Sent: 16 June 2014 13:53
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] How to apply Open SSL openssl-1.0.1h to Apache 2.2.22
HI Pooja,
Looks like you are trying to apply the patch for June 5 OpenSSL vulnerabilities for you httpd server mentioned at https://www.openssl.org/
But I think the mod_ssl shipped default by apache httpd uses the OpenSSL/0.9.8t. And hence, we might need to apply the relevant 0.9.8za available through the website...
I suspect this could be the error in your case as you are attempting for OpenSSL 1.0.1h. Please rectify me if my analysis is not correct.
Further, I think the fix is about replacing the mod_ssl.so file located in the modules folder with the fixed new version of the .so file that is linked with OpenSSL 0.9.8za. I have googled and figured out that mod_ssl didn't release the new patch for this. Mostly likely, it looks like we need to rebuild mod_ssl ourselves (Just like apache httpd does !!) as mod_ssl has not released the .so file in the recent time (http://www.modssl.org/)
Regards
Balaji Katika
On Mon, Jun 16, 2014 at 6:07 PM, Pooja Kulkarni <P.Kulkarni@xxxxxxxxxxxxx> wrote:
Hi,
We have Apache 2.2.22 (Win32) on a Windows 2008 64 bit server. It currently has OpenSSL 0.9.8.
We are trying to apply the OpenSSL 1.0.1h on the same, after applying the open SSL and copying the relevant files to the bin directory of apache server, we are not able to start the server. It gives an mod_sso error.
Can you please advice how can we achieve the same?
Regards,
Pooja
Winner of the Global Trade Review award - Best Trade Finance Bank in West Africa 2009, 2010, 2011, 2012 & 2013 & Best Local Trade Finance Bank in West Africa 2013Internet communications are not secure and therefore FBN Bank (UK) Ltd does not accept legal responsibility for the contents of the message. Whilst FBN Bank (UK) Ltd operates anti virus software, it does not accept responsibility for any damage that is caused by viruses being passed.
This message and any attachments are strictly confidential to the normal user of the e-mail address to which it was addressed and may also be privileged. If you are not the addressee, you may not forward, copy, disclose or use any part of the message or attachments. If you have received this message in error, please immediately notify the sender by return e-mail and permanently delete it from your system. Any opinions contained in this message are those of the author and are not provided or endorsed by FBN Bank (UK) Ltd unless clearly indicated and the authority of the author to so bind FBN Bank (UK) Ltd is duly verified.
FBN Bank (UK) Limited is registered in England and Wales under company number 4459383 with its registered address at 28 Finsbury Circus, London EC2M 7DT.
FBN Bank (UK) Ltd is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.
|