| Author |
|
mrdj1024
Joined: 03 Apr 2023
Posts: 54
Location: Bridgeton,NJ,USA
|
 Posted: Tue 13 Jun '23 7:52 Post subject: PHP openssl versions questions |
 |
|
hello!
so i am using the latest apache build from here with wampserver,the server states "Apache/2.4.57 (Win64) OpenSSL/3.1.1 configured -- resuming normal operations"
but when i open a php info it states "OpenSSL 1.1.1t 7 Feb 2023"
i am using php 8.1.20 with mod_php
would using mod_fcgid resolve this issue?
im confused as to what openssl version is actually used on my website. |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Tue 13 Jun '23 9:32 Post subject: |
|
|
Hi,
To use PHP 8.1.20, which supports openssl 1.1.1, with Apache 2.4.57, which supports openssl 3.1.1, as an Apache module, you need to create symbolic links in the Apache bin folder to the openssl 1.1.1 dlls of the PHP version you're using, which is done automatically with Wampserver.
This is in no way a defect or a problem; it's a way of using PHP versions lower than 8.2.0 with Apache versions that only support openssl 3.1.
In the Apache module, if the PHP version supports openssl 3.1, the Apache dlls will be used. If the PHP version does not support openssl 3.1, the PHP version dlls will be used. |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Tue 13 Jun '23 11:57 Post subject: |
|
|
Hi,
Here's an example with Apache 2.4.57.3
apache/bin/ folder just after installing version apache 2.4.57.3 :
| Code: | The volume in drive E is called SATA_1_E
The volume's serial number is F491-4AA3
E:\wamp64\bin\apache2.4.57.3\bin directory
13/06/2023 11:37 <DIR> .
13/06/2023 11:37 <DIR> ..
31/05/2023 10:51 98 816 ab.exe
31/05/2023 10:51 111 104 abs.exe
31/05/2023 10:51 43 008 ApacheMonitor.exe
31/05/2023 10:48 19 456 apr_crypto_openssl-1.dll
31/05/2023 10:48 31 744 apr_dbd_odbc-1.dll
31/05/2023 10:48 14 848 apr_ldap-1.dll
31/05/2023 10:52 9 192 dbmmanage.pl
31/05/2023 10:51 101 888 htcacheclean.exe
31/05/2023 10:51 124 416 htdbm.exe
31/05/2023 10:51 86 016 htdigest.exe
31/05/2023 10:51 118 272 htpasswd.exe
31/05/2023 10:52 30 720 httpd.exe
31/05/2023 10:51 65 536 httxt2dbm.exe
07/11/2022 11:40 55 296 jansson.dll
31/05/2023 10:47 216 064 libapr-1.dll
31/05/2023 10:47 36 864 libapriconv-1.dll
31/05/2023 10:48 293 376 libaprutil-1.dll
31/05/2023 09:38 6 093 824 libcrypto-3-x64.dll
03/04/2023 10:16 545 280 libcurl.dll
31/05/2023 10:48 461 824 libhttpd.dll
31/05/2023 09:46 778 240 libssl-3-x64.dll
07/11/2022 11:44 1 363 968 libxml2.dll
31/05/2023 10:51 58 368 logresolve.exe
07/11/2022 13:51 238 080 lua54.dll
06/03/2023 11:48 156 672 nghttp2.dll
31/05/2023 09:49 721 920 openssl.exe
07/11/2022 12:10 401 920 pcre.dll
09/01/2023 12:13 536 576 pcre2-8.dll
31/05/2023 10:51 79 360 rotatelogs.exe
31/05/2023 10:51 18 944 wintty.exe
05/11/2022 12:24 468 480 yajl.dll
07/11/2022 11:29 90 112 zlib1.dll
32 file(s) 13 470 184 bytes
|
The same folder after setting PHP 8.2.7 as the apache module:
| Code: | The volume in drive E is called SATA_1_E
The volume's serial number is F491-4AA3
E:\wamp64\bin\apache2.4.57.3\bin directory
13/06/2023 11:46 <DIR> .
13/06/2023 11:46 <DIR> ..
31/05/2023 10:51 98 816 ab.exe
31/05/2023 10:51 111 104 abs.exe
31/05/2023 10:51 43 008 ApacheMonitor.exe
31/05/2023 10:48 19 456 apr_crypto_openssl-1.dll
31/05/2023 10:48 31 744 apr_dbd_odbc-1.dll
31/05/2023 10:48 14 848 apr_ldap-1.dll
31/05/2023 10:52 9 192 dbmmanage.pl
31/05/2023 10:51 101 888 htcacheclean.exe
31/05/2023 10:51 124 416 htdbm.exe
31/05/2023 10:51 86 016 htdigest.exe
31/05/2023 10:51 118 272 htpasswd.exe
31/05/2023 10:52 30 720 httpd.exe
31/05/2023 10:51 65 536 httxt2dbm.exe
13/06/2023 11:46 <SYMLINK> icudt71.dll [E:/wamp64/bin/php/php8.2.7/icudt71.dll]
13/06/2023 11:46 <SYMLINK> icuin71.dll [E:/wamp64/bin/php/php8.2.7/icuin71.dll]
13/06/2023 11:46 <SYMLINK> icuio71.dll [E:/wamp64/bin/php/php8.2.7/icuio71.dll]
13/06/2023 11:46 <SYMLINK> icuuc71.dll [E:/wamp64/bin/php/php8.2.7/icuuc71.dll]
07/11/2022 11:40 55 296 jansson.dll
31/05/2023 10:47 216 064 libapr-1.dll
31/05/2023 10:47 36 864 libapriconv-1.dll
31/05/2023 10:48 293 376 libaprutil-1.dll
31/05/2023 09:38 6 093 824 libcrypto-3-x64.dll
03/04/2023 10:16 545 280 libcurl.dll
31/05/2023 10:48 461 824 libhttpd.dll
13/06/2023 11:46 <SYMLINK> libpq.dll [E:/wamp64/bin/php/php8.2.7/libpq.dll]
13/06/2023 11:46 <SYMLINK> libsasl.dll [E:/wamp64/bin/php/php8.2.7/libsasl.dll]
13/06/2023 11:46 <SYMLINK> libsodium.dll [E:/wamp64/bin/php/php8.2.7/libsodium.dll]
13/06/2023 11:46 <SYMLINK> libsqlite3.dll [E:/wamp64/bin/php/php8.2.7/libsqlite3.dll]
13/06/2023 11:46 <SYMLINK> libssh2.dll [E:/wamp64/bin/php/php8.2.7/libssh2.dll]
31/05/2023 09:46 778 240 libssl-3-x64.dll
07/11/2022 11:44 1 363 968 libxml2.dll
31/05/2023 10:51 58 368 logresolve.exe
07/11/2022 13:51 238 080 lua54.dll
06/03/2023 11:48 156 672 nghttp2.dll
31/05/2023 09:49 721 920 openssl.exe
07/11/2022 12:10 401 920 pcre.dll
09/01/2023 12:13 536 576 pcre2-8.dll
13/06/2023 11:46 <SYMLINK> php.ini [E:/wamp64/bin/php/php8.2.7/phpForApache.ini]
13/06/2023 11:46 <SYMLINK> php8ts.dll [E:/wamp64/bin/php/php8.2.7/php8ts.dll]
31/05/2023 10:51 79 360 rotatelogs.exe
31/05/2023 10:51 18 944 wintty.exe
05/11/2022 12:24 468 480 yajl.dll
07/11/2022 11:29 90 112 zlib1.dll
43 files(s) 13 470 184 octets
|
Note the symbolic links (<SYMLINK>)
Now the same folder but with PHP 8.0.29 (which only supports openssl 1.1) as apache module
| Code: | The volume in drive E is called SATA_1_E
The volume's serial number is F491-4AA3
E:\wamp64\bin\apache2.4.57.3\bin directory
13/06/2023 11:50 <DIR> .
13/06/2023 11:50 <DIR> ..
31/05/2023 10:51 98 816 ab.exe
31/05/2023 10:51 111 104 abs.exe
31/05/2023 10:51 43 008 ApacheMonitor.exe
31/05/2023 10:48 19 456 apr_crypto_openssl-1.dll
31/05/2023 10:48 31 744 apr_dbd_odbc-1.dll
31/05/2023 10:48 14 848 apr_ldap-1.dll
31/05/2023 10:52 9 192 dbmmanage.pl
31/05/2023 10:51 101 888 htcacheclean.exe
31/05/2023 10:51 124 416 htdbm.exe
31/05/2023 10:51 86 016 htdigest.exe
31/05/2023 10:51 118 272 htpasswd.exe
31/05/2023 10:52 30 720 httpd.exe
31/05/2023 10:51 65 536 httxt2dbm.exe
13/06/2023 11:50 <SYMLINK> icudt68.dll [E:/wamp64/bin/php/php8.0.29/icudt68.dll]
13/06/2023 11:50 <SYMLINK> icuin68.dll [E:/wamp64/bin/php/php8.0.29/icuin68.dll]
13/06/2023 11:50 <SYMLINK> icuio68.dll [E:/wamp64/bin/php/php8.0.29/icuio68.dll]
13/06/2023 11:50 <SYMLINK> icuuc68.dll [E:/wamp64/bin/php/php8.0.29/icuuc68.dll]
07/11/2022 11:40 55 296 jansson.dll
31/05/2023 10:47 216 064 libapr-1.dll
31/05/2023 10:47 36 864 libapriconv-1.dll
31/05/2023 10:48 293 376 libaprutil-1.dll
13/06/2023 11:50 <SYMLINK> libcrypto-1_1-x64.dll [E:/wamp64/bin/php/php8.0.29/libcrypto-1_1-x64.dll]
31/05/2023 09:38 6 093 824 libcrypto-3-x64.dll
03/04/2023 10:16 545 280 libcurl.dll
31/05/2023 10:48 461 824 libhttpd.dll
13/06/2023 11:50 <SYMLINK> libpq.dll [E:/wamp64/bin/php/php8.0.29/libpq.dll]
13/06/2023 11:50 <SYMLINK> libsasl.dll [E:/wamp64/bin/php/php8.0.29/libsasl.dll]
13/06/2023 11:50 <SYMLINK> libsodium.dll [E:/wamp64/bin/php/php8.0.29/libsodium.dll]
13/06/2023 11:50 <SYMLINK> libsqlite3.dll [E:/wamp64/bin/php/php8.0.29/libsqlite3.dll]
13/06/2023 11:50 <SYMLINK> libssh2.dll [E:/wamp64/bin/php/php8.0.29/libssh2.dll]
13/06/2023 11:50 <SYMLINK> libssl-1_1-x64.dll [E:/wamp64/bin/php/php8.0.29/libssl-1_1-x64.dll]
31/05/2023 09:46 778 240 libssl-3-x64.dll
07/11/2022 11:44 1 363 968 libxml2.dll
31/05/2023 10:51 58 368 logresolve.exe
07/11/2022 13:51 238 080 lua54.dll
06/03/2023 11:48 156 672 nghttp2.dll
31/05/2023 09:49 721 920 openssl.exe
07/11/2022 12:10 401 920 pcre.dll
09/01/2023 12:13 536 576 pcre2-8.dll
13/06/2023 11:50 <SYMLINK> php.ini [E:/wamp64/bin/php/php8.0.29/phpForApache.ini]
13/06/2023 11:50 <SYMLINK> php8ts.dll [E:/wamp64/bin/php/php8.0.29/php8ts.dll]
31/05/2023 10:51 79 360 rotatelogs.exe
31/05/2023 10:51 18 944 wintty.exe
05/11/2022 12:24 468 480 yajl.dll
07/11/2022 11:29 90 112 zlib1.dll
45 files(s) 13 470 184 octets
|
Note the symbolic links to libcrypto-1.1-x64.dll and libssl-1_1-x64.dll in PHP 8.0.29. |
|
| Back to top |
|
mrdj1024
Joined: 03 Apr 2023
Posts: 54
Location: Bridgeton,NJ,USA
|
| Posted: Tue 13 Jun '23 12:52 Post subject: |
|
|
thankyou for your reply!
so what should i copy to my php 8.1 folder to force the use of openssl 3.1.1 instead or the 1.1 branch? |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Tue 13 Jun '23 13:45 Post subject: |
|
|
Hi,
This is not possible!
PHP 8.1 does not support openssl 3.1
openssl 3.1 is only supported as of PHP 8.2.0 |
|
| Back to top |
|
Jan-E
Joined: 09 Mar 2012
Posts: 1265
Location: Amsterdam, NL, EU
|
| Posted: Tue 13 Jun '23 16:20 Post subject: |
|
|
| Otomatic wrote: | PHP 8.1 does not support openssl 3.1
openssl 3.1 is only supported as of PHP 8.2.0 |
Hmmm. The plans of the PHP devs stated that PHP 8.1 would be compiled with OpenSSL 3.0 on Windows as well:
https://externals.io/message/119305
If PHP 8.1 could be compiled with OpenSSL 3.0, chances are high that OpenSSL 3.1 should also work OK.
BTW: Even PHP 8.3.0 Alpha 1 for Windows is built with OpenSSL 3.0. In fact: 3.0.8. |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Wed 14 Jun '23 9:31 Post subject: |
|
|
Hi,
All PHP 8.1 binaries for Windows come with the openssl 1.1 dlls:
libcrypto-1_1-x64.dll
libssl-1_1-x64.dll
As explained above, if Wampserver uses a PHP version lower than 8.2.0 as a PHP module for Apache, symbolic links are created on the openssl 1.1 dlls of the PHP version.
Try:
With Apache 2.4.57.3, the PHP version module Apache 8.1.20 and symbolic links are created on the openssll 1.1 dlls mentioned above.
My local https sites pose no problem.
Let's remove the two symbolic links on the openssl 1.1 dlls and restart Apache.
In the apache/bin folder there are only the openssll 3.1 dlls:
libcrypto-3-x64.dll
libssl-3-x64.dll
and my local https sites still work without a hitch.
Does this mean that PHP 8.1.20 uses Apache openssl 3.1?
As I don't have the necessary skills, I wouldn't know! |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Wed 14 Jun '23 10:10 Post subject: |
|
|
| Yet another reason to use mod_fcgid to escape the dependency hell. |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Wed 14 Jun '23 11:49 Post subject: |
|
|
| James Blond wrote: | | Yet another reason to use mod_fcgid to escape the dependency hell. |
I'm convinced of it! |
|
| Back to top |
|
mrdj1024
Joined: 03 Apr 2023
Posts: 54
Location: Bridgeton,NJ,USA
|
| Posted: Wed 14 Jun '23 18:09 Post subject: |
|
|
if i switch to FCGID would php 8.1 use the newer openssl version?
i've been hesitant to using fcgid as im not overly sure how to fine tune the parameters.
but if it is possible then i would make the switch. |
|
| Back to top |
|
Jan-E
Joined: 09 Mar 2012
Posts: 1265
Location: Amsterdam, NL, EU
|
| Posted: Wed 14 Jun '23 19:43 Post subject: |
|
|
| James Blond wrote: | | Yet another reason to use mod_fcgid to escape the dependency hell. |
Nevertheless, I do not think it is wise when Apachelounge uses another main branch of OpenSSL than what PHP uses for PHP 8.2 and PHP 8.3. I have asked the PHP devs to provide clarity: https://externals.io/message/119305#120565 |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 692
|
| Posted: Wed 14 Jun '23 20:17 Post subject: |
|
|
I think we do not have a real issue.
Otomatic explains above to use symbolic links to use 3.1.x with other php versions.
Maybe Otomatic can instruct how to make such symbolic links. Then we can put that in the readme of the download, and in the announcement. |
|
| Back to top |
|
Jan-E
Joined: 09 Mar 2012
Posts: 1265
Location: Amsterdam, NL, EU
|
| Posted: Wed 14 Jun '23 22:30 Post subject: |
|
|
| admin wrote: | Otomatic explains above to use symbolic links to use 3.1.x with other php versions.
Maybe Otomatic can instruct how to make such symbolic links. Then we can put that in the readme of the download, and in the announcement. |
Otomatic did not show a symlink between OpenSSL 3.1.x (apache/bin) and OpenSSL 3.0.x (PHP 8.2/8.3). And I would strongly advice against doing that. There is a reason that they are from different main branches. The only safe way is to build both Apache and PHP with OpenSSL from the same main branch.
And symlinking between OpenSSL 1.1.1x (PHP 8.0/8.1) and OpenSSL 3.1.x (apache/bin) is even more dangerous.
| Otomatic wrote: | Does this mean that PHP 8.1.20 uses Apache openssl 3.1?
As I don't have the necessary skills, I wouldn't know! |
|
|
| Back to top |
|
mrdj1024
Joined: 03 Apr 2023
Posts: 54
Location: Bridgeton,NJ,USA
|
| Posted: Wed 14 Jun '23 23:01 Post subject: |
|
|
oh wow this thread is getting very interesting!
how do you think that using different openssl versions could be dangerous?
and if this is the case then how would we go about ensuring that the php and apache dlls are the same ones?
php 8.0 and 8.1 are still widely used,i myself use php 8.1 as the apps i use on my site arent 8.2 compatible yet. |
|
| Back to top |
|
Jan-E
Joined: 09 Mar 2012
Posts: 1265
Location: Amsterdam, NL, EU
|
| Posted: Wed 14 Jun '23 23:25 Post subject: |
|
|
| mrdj1024 wrote: |
how do you think that using different openssl versions could be dangerous?
and if this is the case then how would we go about ensuring that the php and apache dlls are the same ones? |
My warning was against symlinking OpenSSL binaries from different main branches. admin's suggestion was that symlinking was the solution for the fact that Apache uses OpenSSL 3.1 and PHP 8.2 uses OpenSSL 3.0. It is not. Symlinking means that you either try to run Apache (which is compiled with OpenSSL 3.1) with the binaries from OpenSSL 3.0. Or you try to run PHP 8.2/8.3 (which are compiled by the PHP-devs with OpenSSL 3.0) with Apache's OpenSSL 3.1 binaries. Do not try this at home. And certainly not in production.
My advice for Apachelounge: use the same OpenSSL main branch that the PHP-devs are using for PHP 8.2. Only then is mod_php still a viable alternative to mod_fcgid. |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 692
|
| Posted: Thu 15 Jun '23 9:42 Post subject: |
|
|
It is not clear what the openssl version policy of the PHP devs is.
And there is a very good alternative for mod_php: mod_fcgid.
Our policy is build with the latest dependencies (curl, Openssl etc.). PHP devs are not the only ones building with OpenSSL. |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Thu 15 Jun '23 9:43 Post subject: |
|
|
| admin wrote: | | Maybe Otomatic can instruct how to make such symbolic links. |
Hi,
There are several ways to create a symbolic link.
- Using the Windows MKLINK command line.
To obtain the information, in a command window, type
MKLINK /?
I won't give you the result, because I've got it in French.
- The PHP function symlink
https://www.php.net/manual/en/function.symlink.php
- For over 20 years, Hermann Schinagl has been developing and maintaining a Windows shell extension:
Hard Link Shell Extension
which lets you create symbolic links, junctions and other "tricks" by simply dragging and dropping with right-click:
https://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.html
In Wampserver, symbolic links are created by a PHP script.
| Code: | foreach($phpDllToCopy as $dll) {
$target = $c_phpVersionDir.'/php'.$php_version.'/'.$dll;
$link = $c_apacheVersionDir.'/apache'.$wampConf['apacheVersion'].'/'.$wampConf['apacheExeDir'].'/'.$dll;
//symlink deleted if exists
if(is_link($link)) unlink($link);
//Symlink created if file exists in phpx.y.z directory and is not a file in Apache bin directory
if(is_file($target) && !is_file($link)) {
if(symlink($target, $link) === false) {
$errorTxt .= "Error while creating symlink '".$link."' to '".$target."' using php symlink function\n";
}
}
}
|
In reality, it's a little more complicated, because you need to take into account the versions of PHP and Apache to know which are the openssl versions on each side. |
|
| Back to top |
|
