Hi, I'm hoping someone here can help. Our web server was recently scanned by a security company to make sure we are PCI compliant. They found two vulnerabilities, both related to the version of apache and openssl installed on our server. In order to bring the server up to PCI compliance we had to upgrade both apache and openssl. Apache was originally version 2.2.16 and openssl was 0.9.8n. I upgraded apache to 2.2.17 and openssl to 1.0.0a only to run into a problem starting Apache. When starting apache I get the following error.... [error] Unable to initialize TLS servername extension callback (incompatible OpenSSL version?) This system isn't a critical production system, but it is one that we use periodically for various web applications. I've exhausted every avenue of research I can think of. I've googled every possible permutation for this error message and the associated applications I can think of and have not been able to resolve this error. I've scanned through many mail archives and have tried all of their suggestions to no avail. Usually when I'm unable to find a specific solution to a problem like this, it means that it's something simple that I've overlooked and many others haven't. I'm at my wits end and hope that someone here can help me. Every document on Apache and Openssl I can find says that Apache supports SNI from 2.2.13 and later and openSSL supports it from 0.9.8 on up. My system stats are as follows.... uname output.... FreeBSD 8.1-STABLE FreeBSD 8.1-STABLE #15: Sat Sep 25 15:29:11 MDT 2010 Apache version... apache-2.2.17_1 OpenSSL version.... OpenSSL 1.0.0a 1 Jun 2010 I've reinstalled Apache and have checked the make output to be sure that it is compiling against the new version of OpenSSL 1.0.0a. I've checked the output of 'ldd /usr/local/libexec/apache22/mod_ssl.so' and it has been linked to the new OpenSSL 1.0.0a libraries. I appreciate whatever help and suggestions anyone can give. I look forward to your response. Thank you. Eric --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|