logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Apache/OpenSSL Debugging & Upgrading?
Author
andrewteg



Joined: 24 Jun 2014
Posts: 3
Location: Virginia, USA

PostPosted: Thu 11 Aug '16 22:09    Post subject: Apache/OpenSSL Debugging & Upgrading? Reply with quote

I'm hoping to upgrade our server which has a few dozen sub/domains from 2.4.12 to 2.4.23 mostly to get upgraded SSL and possibly move from VC11 to VC14.

Is this a worthwhile upgrade?

Should I be worried about anything if we go from VC11 to VC14?

As background, this came about b/c we failed an SSL test due to May's OpenSSL Padding Oracle vulnerability. To get around that, I replaced the 3 bin DLLs and openssl.exe from 1.0.1t that we had replaced last year due to Heartbleed. That seems to have passed the test but am I asking for trouble by running a mash-up here?

We also have one SSL site that started getting more traffic recently and is having random slowdowns that don't appear to affect non-SSL sites on the same server. We are getting a lot of "mod_fcgid: process #### graceful kill fail, sending SIGKILL" errors now in the Apache error.log file. I'm unsure if they are related as I've had trouble tracking that down or even knowing if I need to, but there were 60+ yesterday and only 3-4 a day a couple months ago, so it seems something is off.

Thanks for any help and tips,
Andrew
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3093
Location: Hilversum, NL, EU

PostPosted: Mon 15 Aug '16 10:45    Post subject: Reply with quote

It is advised to upgrade 2.4.23, see change log.

Upgrade to VC14 is also advised, no worry.

You should always replace OpenSSL files with the corresponding mod_ssl
Back to top


Reply to topic   Topic: Apache/OpenSSL Debugging & Upgrading? View previous topic :: View next topic
Post new topic   Forum Index -> Apache