Hello,
So in trying to configure an Apache server's SSL I've run into the issue that I can't enable TLSv1.1/1.2. I get an error from Apache. Looking around I found the following:
https://securityblog.redhat.com/2013/12/11/tlsv1-1-and-tlsv1-2-now-available...
Which states that httpd 2.2.23 and openssl-1.0.1 will get this working, and should be in RHEL 6.5. However I can't find any httpd newer than 2.2.15 anywhere.
Anyone know what's going on?
On Thu, 2014-09-18 at 10:00 -0600, Nathanael D. Noblet wrote:
> Hello,
> So in trying to configure an Apache server's SSL I've run into the issue that I can't enable TLSv1.1/1.2. I get an error from Apache. Looking around I found the following:
> https://securityblog.redhat.com/2013/12/11/tlsv1-1-and-tlsv1-2-now-available...
> Which states that httpd 2.2.23 and openssl-1.0.1 will get this working, and should be in RHEL 6.5. However I can't find any httpd newer than 2.2.15 anywhere.
> Anyone know what's going on?
So it seems that it allows TLSv1.1 or TLSv1.2 but you can't specify it in the SSLProtocol line. False alarm. So it seems the httpd version is not required as mentioned in that blog.
-- Nathanael
On 18.09.2014 at 18:12, Nathanael D. Noblet wrote:
> On Thu, 2014-09-18 at 10:00 -0600, Nathanael D. Noblet wrote:
> > Hello,
> > So in trying to configure an Apache server's SSL I've run into the issue that I can't enable TLSv1.1/1.2. I get an error from Apache. Looking around I found the following:
> > https://securityblog.redhat.com/2013/12/11/tlsv1-1-and-tlsv1-2-now-available...
> > Which states that httpd 2.2.23 and openssl-1.0.1 will get this working, and should be in RHEL 6.5. However I can't find any httpd newer than 2.2.15 anywhere.
> > Anyone know what's going on?
RH backports those changes/fixes to the version released in EL6. That is 2.2.15 and will very likely remain that way for the rest of the lifetime of EL6. You can't really compare upstream httpd versions and EL versions.
Cheers Christoph
On Thu, 2014-09-18 at 18:16 +0200, Christoph Galuschka wrote:
> RH backports those changes/fixes to the version released in EL6. That is 2.2.15 and will very likely remain that way for the rest of the lifetime of EL6. You can't really compare upstream httpd versions and EL versions.
Yeah, I was aware of the backport nature of RHEL. My confusion came because the blog post is a redhat.com domain and specifically stated the http version required. It also said to add the +TLSv1.1/2 to the SSLProtocol line. Which resulted in an error message from Apache.
When running an SSL configuration tester against it, I can see that TLSv1.1 and 1.2 are available depending on the cipher suites, so it looks like it is backported but the blog post details are inaccurate.
Sorry for the noise.
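
The check described in the last message, as an added example that is not part of the original thread: a per-version handshake probe that offers exactly one protocol version at a time, so it shows what the server actually negotiates regardless of what the `SSLProtocol` line names. The function names `probe` and `probe_all`, the outcome labels and the host `www.example.org` are assumptions made for this example.

```python
import socket
import ssl
import warnings

# Protocol versions discussed in the thread, plus TLSv1.0 as a baseline.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def probe(host, port, version, timeout=5.0):
    """Offer exactly one TLS version to host:port and classify the outcome."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # testing protocol support, not the certificate
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = version   # pin both ends of the range so the
            ctx.maximum_version = version   # handshake cannot fall back
        # Many OpenSSL builds refuse TLS 1.0/1.1 at the default security level.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except (ValueError, ssl.SSLError):
        return "client-unsupported"   # local library limit, says nothing about the server
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "accepted" if tls.version() else "rejected"
        except OSError:               # ssl.SSLError is a subclass of OSError
            return "rejected"

def probe_all(host, port=443, timeout=5.0):
    """Return {version name: outcome} for every entry in VERSIONS."""
    return {name: probe(host, port, v, timeout) for name, v in VERSIONS.items()}

if __name__ == "__main__":
    # "www.example.org" is a placeholder; point this at a server you administer.
    for name, outcome in probe_all("www.example.org").items():
        print(f"{name}: {outcome}")
```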