+++ This bug was initially created as a clone of Bug #1038648 +++ Description of problem: There is a serious incompatibility problem with apache + openssl in new RHEL 6.5. Current available apache version built from openssl version 1.0.0, and openssl shipped with RHEL 6.5 has version 1.0.1. However as we ship so many versions of httpd its hard to keep track of what version has this capabilities and what versions don't due to backports? Based on these comments no version of httpd (that Red Hat provides) ships this capability (as you need 2.2.23). - RHEL 6 = 2.2.15 + Backports - EWS 1.2 = 2.2.17 + (not much) - EWS 2.0 = 2.2.22 + (1 patch [me thinks]) Even with this said I know of at least 1 case [attached], and 1 BZ [https://bugzilla.redhat.com/show_bug.cgi?id=818670] that seem to indicate that we have put this into the RHEL 6.5 release (at least that is what I read). However it seems that Apache was not update / or rebuilt to provide this? Is this a bug that should be addressed? Will EWS be getting a backport for this capability as well as? The reason I bring this feature / capability up is because it demonstrates how having Apache (provided in multiple facets) makes it hard for support to tell customer what they can or can not use the product for / what is supported. It also confuses our customers because the later version 2.2.15 (RHEL) might now have a feature that the 2.2.22 (EWS) version does not have (simply due to a backport).
Actually that would require an openssl upgrade.
Currently we use the openssl from RHEL.
According to httpd changelog it has been fixed in 2.2.23 but it requires OpenSSL 1.0.1.
We depend on OpenSSL in RHEL, do we build an ship it for other supported platforms? Weinan, do you have a contact that can give us insight into a possible upgrade of OpenSSL on RHEL?
After discussing with Jean-Frederic, we think it's better to put this into EWS 3.
It looks like RHEL has released OpenSSL 1.0.1 in some channels. https://rhn.redhat.com/rhn/software/packages/details/Overview.do?pid=839677 I don't know how to map this information to the versions of RHEL we support (RHEL 6 x86 and x86_64, RHEL 5 x86 and x86_64). Weinan, do you know how to map this information?
Hi John, I saw the current maintainer of OpenSSL is Tomáš Mráz <tmraz>. Hope the info useful to you :-)
(In reply to John Doyle from comment #8) > It looks like RHEL has released OpenSSL 1.0.1 in some channels. > > https://rhn.redhat.com/rhn/software/packages/details/Overview.do?pid=839677 > > I don't know how to map this information to the versions of RHEL we support > (RHEL 6 x86 and x86_64, RHEL 5 x86 and x86_64). Weinan, do you know how to > map this information? After checking the product list, it could map to our product on RHEL6 (32bit and x86_64)
Verified with JWS3.0 ER2.1 (includes Apache/2.4.6 (Red Hat)) on RHEL6.6 (includes OpenSSL 1.0.1e-fips) and on RHEL7.1 (includes OpenSSL 1.0.1e-fips)
Verified with JWS3.0 ER2.1 (includes Apache/2.4.6 and OpenSSL 1.0.1e) on MS Windows.
*** Bug 1161283 has been marked as a duplicate of this bug. ***