0

Our product running over RHEL has Apache 2.2.26 & OpenSSL 0.9.7 [ofcourse, pretty old].

We are currently upgrading Openssl to 0.9.8za. I have installed the latest OpenSSL RPMs.

However Apache is failing to start.

After debugging i found the issue is wrt libssl. A soft link /lib64/libssl.so.4 has been mapped to /usr/lib/libssl.so.0.9.7a. After upgradation i have mapped it as /usr/lib/libssl.so.0.9.8. While doing so, apache fails to start with no reported error message. With no other changes and only replacing softlink back to 0.9.7, apache starts fine.

Please let me know if there are any known incompatibilities between openssl 0.9.8za & Apache mod_ssl.

kiwi
  • 1
  • 1
  • I feel like you should have rebuilt mod_ssl after you installed the new openssl package. And, is there a particular reason you're installing openssl 0.9.8za? RHEL will backport security fixes, so, if you're on the latest openssl for your particular RHEL installation, you should be OK, security-wise. – cjc Jun 26 '14 at 12:17
  • possible duplicate of [Apache mod\_ssl \[2.2.26\] and Openssl \[0.9.8za\] compatibility](http://serverfault.com/questions/608106/apache-mod-ssl-2-2-26-and-openssl-0-9-8za-compatibility) – larsks Jun 26 '14 at 12:27
  • OMG.. Thanks a lot @cjc ..I tried rebuilding in the new environment which had openssl 0.9.8 and it did the trick.. Now i am able to run apache without any issues.. – kiwi Jun 26 '14 at 12:56
  • You should be relying on packages from RH, unless there is a compelling reason not to. They will have security fixes, etc. Managing your own software manually (or even building your own packages) is a dark, dark path, not to be taken lightly. It will ultimately be *less* secure than relying on RH to backport fixes because you are not going to be as diligent and aware as they are. – cjc Jun 26 '14 at 14:06

0 Answers0