Topic: Apache/OpenSSL Debugging & Upgrading?

[andrewteg]

I'm hoping to upgrade our server which has a few dozen sub/domains from 2.4.12 to 2.4.23 mostly to get upgraded SSL and possibly move from VC11 to VC14.

Is this a worthwhile upgrade?

Should I be worried about anything if we go from VC11 to VC14?

As background, this came about b/c we failed an SSL test due to May's OpenSSL Padding Oracle vulnerability. To get around that, I replaced the 3 bin DLLs and openssl.exe from 1.0.1t that we had replaced last year due to Heartbleed. That seems to have passed the test but am I asking for trouble by running a mash-up here?

We also have one SSL site that started getting more traffic recently and is having random slowdowns that don't appear to affect non-SSL sites on the same server. We are getting a lot of "mod_fcgid: process #### graceful kill fail, sending SIGKILL" errors now in the Apache error.log file. I'm unsure if they are related as I've had trouble tracking that down or even knowing if I need to, but there were 60+ yesterday and only 3-4 a day a couple months ago, so it seems something is off.

Thanks for any help and tips,
Andrew

[Steffen]

It is advised to upgrade 2.4.23, see change log.

Upgrade to VC14 is also advised, no worry.

You should always replace OpenSSL files with the corresponding mod_ssl