Hi All,Good Morning.I am to new Apache Users mailing list. I have described the issue I am facing to support TLSv1.2Currently, our product use Apache 2.2.12 provided by SLES 11sp3.We are doing a securing hardening now by enabling only TLSv1.2 protocol and disabling other protocols. I tried to configure "SSLProtocol TLSv1.2". But after apache restart, it throws an error "invalid protocol". I came to know that mod_ssl refers openssl 0.9.8 version, though we have latest openssl 1.0.1(which supports TLSv1.2). The mod_ssl loads openssl0.9.8 always.It seems the latest Apache version 2.4.x supports TLSv1.2. But this apache version is available in SLES 12 only which wont be available for us for another 6 months.So, we dropped this option.So, the procurement team advised us to use mod_nss which can support TLSv1.2 with Apache 2.2.12. We started the migration from mod_ssl to mod_nss and everything went well, but the directive "SSLVerifyClient optional_no_ca" is not available with mod_nss. It provides only none,optional,require.So, we are blocked on this and could not migrate to mod_nss.Can you please suggest how to overcome this issue.Now, we are looking for Apache rpm (2.2.x) and its dependency rpms which supports TLSv1.2 on Linux. I googled and could not find the rpms for Linux but only source code available to compile. I tried compiling it but I got lot of dependency issues for which I could not get dependent rpms from net. Also I could not find docs to guide how to compile and install.Could you please share your inputs or solutions on this issue if you had encountered before.Thanks in Advance.Regards,Mohan
|