Topic: Apache 2.2.27 available :: Updated with OpenSSL 1.0.1g

Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
Posted: Sun 23 Mar '14 21:36 Post subject: Apache 2.2.27 available :: Updated with OpenSSL 1.0.1g

Apache 2.2.27 Win32 and Win64 VC9/VC10 are now available here at the download pages.
8 April 2014: Updated OpenSSL to 1.0.1g from 1.0.1f (see below)
Changelog http://www.apachelounge.com/Changelog.html
Documentation: http://httpd.apache.org/docs/2.2/
Apache 2.2 is "old" now. This 2.2 is just maintenance for those unable to upgrade to 2.4 at this time.
Consider this as the latest 2.2 release.
We consider the Apache HTTP Server 2.4.9 release to be the best version of Apache available, and encourage users of 2.0 and 2.2 versions to upgrade. For more info on 2.4, see http://httpd.apache.org/docs/2.4/ and pay attention there when you want to upgrade to 2.4.
When you have hangs, slow traffic and/or entries in your log like "Asynchronous AcceptEx failed", you can try the following settings:
Win32DisableAcceptEx
EnableSendfile Off
EnableMMAP off
Enjoy,
Steffen

Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
Posted: Tue 08 Apr '14 20:52 Post subject:

Updated the builds with 1.0.1g OpenSSL from 1.0.1f.
Be sure you do not download a cached former one; empty your browser cache.
Check the ReadMe.txt in the .zip.
The update fixes the serious vulnerability The Heartbleed Bug.
More info at: www.apachelounge.com/viewtopic.php?p=27305
Steffen
Changes between 1.0.1f and 1.0.1g

*) A missing bounds check in the handling of the TLS heartbeat extension
   can be used to reveal up to 64k of memory to a connected client or
   server (The Heartbleed Bug).
   Thanks to Neel Mehta of Google Security for discovering this bug and to
   Adam Langley and Bodo Moeller for preparing the fix (CVE-2014-0160)

*) Fix for the attack described in the paper "Recovering OpenSSL
   ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
   by Yuval Yarom and Naomi Benger. Details can be obtained from:
   http://eprint.iacr.org/2014/140
   Thanks to Yuval Yarom and Naomi Benger for discovering this
   flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
   [Yuval Yarom and Naomi Benger]

*) TLS pad extension: draft-agl-tls-padding-03
   Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
   TLS client Hello record length value would otherwise be > 255 and
   less than 512 pad with a dummy extension containing zeroes so it
   is at least 512 bytes long. [Adam Langley, Steve Henson]
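
The first changelog entry above (CVE-2014-0160) comes down to trusting a sender-supplied length field. As an added example that is not part of the original post and is not OpenSSL's code, this C function shows the two bounds checks a heartbeat handler needs before echoing a payload. The name `hb_build_response` and the sample records are assumptions constructed here; the message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1u   /* heartbeat_request message type (RFC 6520) */
#define HB_RESPONSE    2u   /* heartbeat_response message type */
#define HB_HEADER_LEN  3u   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING 16u  /* RFC 6520 requires at least 16 padding bytes */

/* Hypothetical helper: build a heartbeat response from one received record.
 * rec/rec_len is the record body as it actually arrived on the wire.
 * Returns the response length, or 0 if the message must be dropped. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Check 1: the record must hold at least the header plus minimum padding. */
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return 0;
    if (rec[0] != HB_REQUEST)
        return 0;
    /* payload_length is sender-controlled: a claim, not a measured size. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* Check 2: claimed payload plus padding must fit in what was received. */
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return 0;
    size_t resp_len = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed); /* echo payload */
    /* Zero padding keeps the example deterministic; RFC 6520 asks for random. */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    return resp_len;
}

int main(void)
{
    uint8_t out[64];
    /* Constructed samples: both records are 23 bytes, payload "ping". */
    uint8_t ok[23]  = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    uint8_t bad[23] = {HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g'}; /* claims 16384 */
    printf("well-formed: %zu bytes\n", hb_build_response(ok, sizeof ok, out, sizeof out));
    printf("oversized claim: %zu bytes\n", hb_build_response(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

Without the second check, the copy length would come from the peer's claim rather than from the bytes received, which is the out-of-bounds read the changelog entry describes.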

feniix
Joined: 08 Apr 2014 Posts: 2 Location: Chicago
Posted: Wed 09 Apr '14 15:39 Post subject:

Hello Steffen,
Are you guys looking into a precise timeline to release 2.2.27 with openssl 1.0.1g for 32 bits with vc10 or vc9?
I reply to myself: it is already done.
I didn't see the first post.
Just a note, the descriptions in the download files (http://www.apachelounge.com/download/win32/) have not been updated to reflect the upgrade of openssl to 1.0.1g

admin Site Admin
Joined: 15 Oct 2005 Posts: 692
Posted: Wed 09 Apr '14 15:55 Post subject:

The descriptions (Readme.txt) are up to date in the .zip's.
Be sure you do not download the cached former one; empty your browser cache.

mlp
Joined: 06 Jun 2014 Posts: 4
Posted: Fri 06 Jun '14 16:19 Post subject: Re: Apache 2.2.27 available :: Updated

Looking forward to 2.2.27 VC10 with OpenSSL 1.0.1h. We keep the Windows servers on Apache 2.2 for consistency, since all major Linux distributions still use 2.2.