[CentOS] CentOS 6 - httpd 2.2.29

Thu Dec 18 05:31:02 UTC 2014
Jake Shipton <jakems at fedoraproject.org>

On 16/12/14 18:15, Alexander Dalloz wrote:
> Am 16.12.2014 um 16:03 schrieb For at ll:
>> On 15.12.2014 12:50, Steve Clark wrote:
>>> On 12/15/2014 05:51 AM, For at ll wrote:
>>>> Hi
>>>>
>>>> I had a two repo for cento6 where I can download httpd 2.2.29,
>>>> (baseurl=http://centos.alt.ru/repository/centos/6/$basearch/) and
>>>> baseurl=http://mirror.fserver.ru/centos-repo/6/$basearch
>>>>
>>>> For now this repo is not active, any other repo have 2.2.29 rpm which I
>>>> can add to my repo....
>>>>
>>>>
>>> Have you tried
>>> http://ghettoforge.org/index.php/Main_Page
>>>
>> Stephen I add this repo but I can't find them httpd 2.2.29 only in
>> 2.2.15 version...
> 
> What do you expect from Apache 2.2.29 in contrast to the version
> provided by CentOS?
> 
> If it is just about to get the latest release you probably haven't heard
> about
> 
> https://access.redhat.com/security/updates/backporting
> 
> There is no real need to use 2.2.29 opposed to 2.2.15 from CentOS.
> 
> Alexander
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Hi Alex,

In this situation 2.2.29 actually does offer an advantage over CentOS
version 2.2.15.

The version provided by CentOS does not support Forward Secrecy for SSL
or TLS 1.2.

Version 2.2.24+ of upstream Apache includes patches which enable both
Forward Secrecy and TLS 1.2.

Now that C6's OpenSSL can also support both TLS 1.2, and Forward
Secrecy, upgrading Apache slightly to be able to use both of those is a
very viable option.

Although, in my case I cheat, I compile my own 2.2.29 RPM and then apply
any missing patches and new security patches from RHEL sources myself to
get the best of both worlds.

Kind Regards,
Jake Shipton (JakeMS)
GPG Key: 0xE3C31D8F
GPG Fingerprint: 7515 CC63 19BD 06F9 400A DE8A 1D0B A5CF E3C3 1D8F