alexjohnb
Joined: 26 Aug 2011 Posts: 22 Location: Middlesex University
|
Posted: Tue 02 May '17 11:32 Post subject: Apache 2.4.26-Dev Win64 -- When Stable? |
|
|
Hi Steffen,
When will the "Apache 2.4.26-Dev Win64" be reclassified as a Production release? Or would you advise that if we need to get Apache running on Windows with OpenSSL 1.1.0, then we should deploy this release on a production server?
Many thanks!
Regards,
Alex |
|
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Tue 02 May '17 12:21 Post subject: |
|
|
ASF is in the process of getting it final, no crucial changes are expected.
Next month final I expect.
But abs.exe is not working with 1.1.0, that is maybe not a big deal. Hope it is fixed before final.
And mod_session_crypto is only now working with APR & APR-UTIL 1.6, so planned is to ship (as we do now) the next final 2.4.x with APR & APR-UTIL 1.6.1-dev.
Planned:
VC11/14 only with OpenSSL 1.0.2
VC15 only with OpenSSL 1.1.0
This in line with the PHP-team policy, which we follow:
PHP 7.2 vc15 with OpenSSL 1.1.0
PHP 7.1 vc14 with OpenSSL 1.0.2
PHP 5.6 vc11 with OpenSSL 1.0.2
In principle we could drop VC14 and have only vc15 1.0.2 and 1.1.0:
vc15 is backward compatible to vc14. That means, a vc14 module can sure be used inside a vc15 binary. Thus, same for Apache and PHP as module. Regarding OpenSSL - the applink technology I introduced back then is in the first place about staying compatible with different CRT. Even if it is promised to provide also compatibility between different versions, we've seen that it's not always true, recall the case where OpenSSL broke ABI by disabling weak ciphers.
Thus - in general dropping is OK, as long as the OpenSSL series matches, say both PHP and Apache are linked with either 1.0, or both with 1.1. For FCGI it of course doesn't matter, but for PHP as module. As httpd.exe provides the applink symbol, the PHP DLL will find it and possibly use incompatible routines. With this in mind, I wouldn't expect any issues if both bins are linked with same OpenSSL series. At apachelounge it is tested and there are no issues. |
|
|
Jan-E
Joined: 09 Mar 2012 Posts: 1265 Location: Amsterdam, NL, EU
|
Posted: Tue 02 May '17 17:12 Post subject: Re: Apache 2.4.26-Dev Win64 -- When Stable? |
|
|
alexjohnb wrote: | When will the "Apache 2.4.26-Dev Win64" be reclassified as a Production release? Or would you advise that if we need to get Apache running on Windows with OpenSSL 1.1.0, then we should deploy this release on a production server? |
Just curious: why do you need OpenSSL 1.1.0? OpenSSL 1.0.2 has a longer lifetime:
https://www.openssl.org/policies/releasestrat.html |
|
|
Jan-E
Joined: 09 Mar 2012 Posts: 1265 Location: Amsterdam, NL, EU
|
Posted: Tue 09 May '17 18:06 Post subject: |
|
|
I did not test it yet, but would it be possible to drop TLSv1 and TLSv1.1 support after switching to OpenSSL 1.1.0?
Somebody in php.internals noticed that quite a few websites are switching to TLS v1.2 only.
See https://externals.io/thread/864
BTW: OpenSSL 1.1.1 will be binary compatible with OpenSSL 1.1.0 and support TLS v1.3:
https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/ |
|
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Sun 14 May '17 12:15 Post subject: |
|
|
Jan-E wrote: | I did not test it yet, but would it be possible to drop TLSv1 and TLSv1.1 support after switching to OpenSSL 1.1.0?
|
I made some tests over the last weeks with positive results running only TLSv1.2.
Only some very old Android users were not able to connect. |
|
|
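A check one could run before the TLSv1.2-only switch discussed above, as an added example that is not part of the original thread: it counts requests per protocol in an Apache log and lists the clients that would be cut off. It assumes the `ssl_request_log` format from the mod_ssl documentation; the function name `audit` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed format: the ssl_request_log example from the mod_ssl documentation,
#   CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LINE_RE = re.compile(
    r'^\[[^\]]+\] (?P<host>\S+) (?P<proto>\S+) \S+ "[^"]*" \S+$'
)
# Protocol names as mod_ssl reports them; these stop working on a TLSv1.2-only server.
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
[14/May/2017:12:15:01 +0200] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 5120
[14/May/2017:12:15:02 +0200] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /a.css HTTP/1.1" 900
[14/May/2017:12:15:07 +0200] 198.51.100.7 TLSv1 ECDHE-RSA-AES128-SHA "GET / HTTP/1.1" 5120
[14/May/2017:12:15:09 +0200] 198.51.100.7 TLSv1 ECDHE-RSA-AES128-SHA "GET /a.css HTTP/1.1" 900
[14/May/2017:12:16:30 +0200] 203.0.113.44 TLSv1.1 ECDHE-RSA-AES128-SHA "POST /login HTTP/1.1" 312
[14/May/2017:12:17:00 +0200] 192.0.2.25 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1" 5120
[14/May/2017:12:17:05 +0200] 192.0.2.30 - - "-" -
this line is truncated and must be skip
"""

def audit(log_text):
    """Count requests per TLS protocol and list clients a TLSv1.2-only server would lose."""
    protocols, legacy_hosts, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or m["proto"] == "-":   # malformed line, or no protocol recorded
            skipped += 1
            continue
        protocols[m["proto"]] += 1
        if m["proto"] in LEGACY:
            legacy_hosts[m["host"]] += 1
    total = sum(protocols.values())
    legacy = sum(legacy_hosts.values())
    return {
        "protocols": dict(protocols),
        "legacy_hosts": dict(legacy_hosts),
        "legacy_share": legacy / total if total else 0.0,
        "skipped": skipped,
    }

if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for proto, count in sorted(report["protocols"].items()):
        print(f"{proto:8} {count}")
    print(f"legacy share: {report['legacy_share']:.0%}, skipped lines: {report['skipped']}")
    for host, count in sorted(report["legacy_hosts"].items()):
        print(f"would be cut off: {host} ({count} requests)")
```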
daniel1975
Joined: 05 Feb 2006 Posts: 24 Location: RO, Bucharest
|
Posted: Tue 13 Jun '17 23:40 Post subject: Re: Apache 2.4.26-Dev Win64 -- When Stable? |
|
|
Any news regarding a stable/production release of Apache 2.4.26? |
|
|
tavrez
Joined: 06 May 2017 Posts: 6
|
Posted: Wed 14 Jun '17 2:29 Post subject: Re: Apache 2.4.26-Dev Win64 -- When Stable? |
|
|
2.4.26 tagged today, which means it's almost stable and we will see an official release soon. |
|
|
daniel1975
Joined: 05 Feb 2006 Posts: 24 Location: RO, Bucharest
|
Posted: Wed 14 Jun '17 10:15 Post subject: Apache 2.4.26 almost production |
|
|
Thanks tavrez for the good news!
I am looking forward to having it soon. |
|
|