Re: [users@httpd] Apache 1.3 and OpenSSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



<oops - have switched Gmail to plain text now>

Each of the versions of Apache/mod_ssl/OpenSSL that I'm using have
been periodically updated with essential security updates (so while
it's Apache 1.3.12 as a baseline, it's not quite that ancient). 
However, it can be hard to tell exactly *which* patches have been
applied.

You're completely right, though - this is a horrible situation :-)

What I've really been looking for is some kind of statement that
OpenSSL version X is only compatible with mod_ssl version X (and
later).  Like I said before, I know that Apache and mod_ssl are
closely tied together, but have never seen anything that notes the
'dependencies' between Apache/mod_ssl and OpenSSL.

Thanks for your response.
Simon

On 11/9/05, Boyle Owen <Owen.Boyle@xxxxxxx> wrote:
> Plain text please...
>
> This basically amounts to asking whether the API for openssl 0.9.8a is backwards compatible as far as 0.9.5a - that is, there are various function calls in mod_ssl 2.6.6 which expect to be understood by the OpenSSL library. If the interface to the library has changed at all since April 2000, the answer will be "no" (I'd be astonished if it is "yes").
>
> It is not unusual for people to be a version or two behind with their various apache components, but you seem to be in an extremely complicated position. Apache 1.3.12 is not only ancient (July 2000), by comparison with a modern version, it is buggy and insecure. You are doing no-one a favour by keeping it on the internet. Rather than pottering about trying to fit a hydrogen fuel cell to a Morris 1000 Traveller, I would invest the effort in modifying whatever application that forces you to use apache 1.3.12 so you can upgrade apache to a recent version.
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>
>
> -----Original Message-----
> From: Simon Irwin [mailto:simonirwin74@xxxxxxxxx]
> Sent: Mittwoch, 9. November 2005 15:03
> To: users@xxxxxxxxxxxxxxxx
> Subject: [users@httpd] Apache 1.3 and OpenSSL
>
>
> Hi All -
>
> I'm using a very old version of Apache - 1.3.12 and mod_ssl 2.6.6.  For historical reasons I cannot upgrade to newer versions.
>
> However, I may soon need to upgrade my OpenSSL version from 0.9.5a to 0.9.8a.  I know this is a strange position to be in.
>
> So I have a couple of questions.  Does anyone know whether Apache 1.3.12 (with mod_ssl 2.6.6) will work with OpenSSL 0.9.8a?  Are there any known compatibility issues?
>
> Any feedback  would be greatly appreciated.
> thanks
> Simon
> Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
>
>
> This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux