httpd failed due to SSLProtocol: Illegal protocol 'TLSv1.1' on centos - apache

I am trying to update from TLS1 to TLS1.1 or higher, but after making the changes below I am getting the error "SSLProtocol: Illegal protocol 'TLSv1.1'"
My Apache and OpenSSL versions are:
httpd -v
Server version: Apache/2.4.2 (Unix)
Server built: Jul 16 2012 21:11:37
openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Sep 27 12:27:19 UTC 2016
Centos-version (6.7)
rpm --query centos-release
centos-release-6-7.el6.centos.12.3.x86_64
Changes made for SSL:
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLProtocol -all +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder on
I am not sure what is missing here, can anybody help me here?

Apache has to be compiled with OpenSSL when it's installed.
Your Apache was apparently compiled back in 16th Jul 2012 when Apache 1.0.1 wasn't even released yet. So guessing it was compiled with the previous version (0.9.8) which doesn't support TLSv1.1.
At some point in the future someone has upgraded OpenSSL to a later version but not recompiled Apache.
As Apache 2.4 wasn't available as a packaged version way back in 2012 someone must have installed it manually and it's stayed on that old version ever since. I suggest you look in yum for a supported 2.4 version which may be available now or install it from source.
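
The check this answer implies, as an added example that is not part of the original question or answer: a simplified model of how mod_ssl reads the asker's SSLProtocol line depending on the OpenSSL version it was built against. The minimum versions follow the mod_ssl documentation; the function names, the "0.9.8" build version (the answer's guess) and the TLSv1.1 floor (the asker's stated goal) are assumptions.

```python
import re

# Oldest OpenSSL release mod_ssl must be BUILT against for each SSLProtocol
# token (per the mod_ssl documentation); listed oldest protocol first.
MIN_OPENSSL = {"SSLv3": (0, 0, 0), "TLSv1": (0, 0, 0), "TLSv1.1": (1, 0, 1),
               "TLSv1.2": (1, 0, 1), "TLSv1.3": (1, 1, 1)}
ORDER = list(MIN_OPENSSL)


def parse_openssl_version(text):
    """Extract (major, minor, patch) from e.g. 'OpenSSL 1.0.1e-fips 11 Feb 2013'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no OpenSSL version in %r" % text)
    return tuple(int(part) for part in m.groups())


def check_sslprotocol(directive, built_against, floor="TLSv1.1"):
    """Model how mod_ssl reads an SSLProtocol line for a given build-time OpenSSL."""
    built = parse_openssl_version(built_against)
    available = [p for p in ORDER if MIN_OPENSSL[p] <= built]
    tokens = [t for t in directive.split() if t.lower() != "sslprotocol"]
    enabled, illegal = set(), []
    for tok in tokens:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        if name.lower() == "all":
            targets = available
        else:
            canon = next((p for p in available if p.lower() == name.lower()), None)
            if canon is None:          # httpd refuses to start on this token
                illegal.append(name)
                continue
            targets = [canon]
        if sign == "-":
            enabled.difference_update(targets)
        elif sign == "+":
            enabled.update(targets)
        else:                          # bare token replaces what was set before
            enabled = set(targets)
    on = [p for p in ORDER if p in enabled]
    weak = [p for p in on if ORDER.index(p) < ORDER.index(floor)]
    return {"illegal": illegal, "enabled": on, "below_floor": weak}


# The asker's directive; "0.9.8" is the answer's guess at the build-time OpenSSL.
ASKED = "SSLProtocol -all +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2"
if __name__ == "__main__":
    for build in ("OpenSSL 0.9.8", "OpenSSL 1.0.1e-fips 11 Feb 2013"):
        print(build, check_sslprotocol(ASKED, build))
```

Against the old build the directive is rejected for TLSv1.1 and TLSv1.2; against a 1.0.1 build it is accepted but still enables SSLv3 and TLSv1, which the asker wanted to leave behind.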

Related

Parsec app - problem with MTY_TLSHandshake: 'SSL_do_handhsake'

I am using the PARSEC app to connect to another machine; after upgrading Ubuntu I have a problem logging in to the app.
"Faild request /v2/auth/ Please check internet connection"
In log I have:
[D 2022-10-31 13:37:28] MTY_TLSHandshake: 'SSL_do_handhsake' failed with error -1:1
My openssl version:
/lib/x86_64-linux-gnu$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Apache upgrade in CentOS 7

This is my current version of Apache:
httpd -V
Server version: Apache/2.4.6 (CentOS)
Server built: Apr 24 2019 13:45:48
Server's Module Magic Number: 20120211:24
Server loaded: APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
I am using CentOS 7; when I try to update Apache, it says there are no upgrades. I know the latest version is 2.4.39: mine is 2.4.6.

I would recommend looking at RHEL's security backports page. It explains the process RH uses to update version numbers. Basically, even though your httpd -V says 2.4.6, RH may have updated the features and fixed issues from the CVE without updating the version number. Run rpm -q --changelog httpd | grep CVE-yyyy-nnnn, filling in yyyy-nnnn with a recent timestamp from the CVE list, and see if your version has received those updates.
Alternatively, you may not have the latest CentOS version, which may not have the updated list of software. Run yum update to be sure you have the latest version.

Certificate error when pulling docker images

When trying to pull an image from the docker hub, I am receiving some weird errors. The specific error that the docker daemon returns is:
Error getting v2 registry: Get https://registry-1.docker.io/v2/1:
x509: certificate signed by unknown authority
The weird thing is that running "docker search x" runs fine and returns what was expected. Also, curling the page (curl -vL registry-1.docker.io) and running the openssl s_client (openssl s_client -connect registry-1.docker.io:443) doesn't return any certificate errors.
I am not behind a corporate proxy or anything like that. I've tried a lot of solutions like adding certs to the /etc/docker/certs.d directory, reinstalling the ca-certificates package, rebooting my machine, and almost everything that google searches suggested.
I am running CentOS version 6.8.
My docker version:
Client:
Version: 1.12.2
API version: 1.24
Go version: go1.6.3
Git commit: bb80604
Built: Tue Oct 11 17:00:50 2016
OS/Arch: linux/amd64
Server:
Version: 1.12.2
API version: 1.24
Go version: go1.6.3
Git commit: bb80604
Built: Tue Oct 11 17:00:50 2016
OS/Arch: linux/amd64
Thanks!

Apache crashes with munmap_chunk(): invalid pointer after update to php7 on Jessie

I recently updated to php 7.0.4 on my server running a Debian 8.
Here is what dpkg -l | grep php gives me:
ii libapache2-mod-php7.0 7.0.4-1~dotdeb+8.1 amd64 server-side, HTML-embedded scripting language (Apache 2 module)
ii php-common 21-1~dotdeb+8.1 all Common files for PHP packages
ii php-readline 21-1~dotdeb+8.1 all readline module for PHP [default]
ii php7.0 7.0.4-1~dotdeb+8.1 all server-side, HTML-embedded scripting language (metapackage)
ii php7.0-cli 7.0.4-1~dotdeb+8.1 amd64 command-line interpreter for the PHP scripting language
ii php7.0-common 7.0.4-1~dotdeb+8.1 all Common files for packages built from the PHP source
ii php7.0-curl 7.0.4-1~dotdeb+8.1 amd64 CURL module for PHP
ii php7.0-gd 7.0.4-1~dotdeb+8.1 amd64 GD module for PHP
ii php7.0-imap 7.0.4-1~dotdeb+8.1 amd64 IMAP module for PHP
ii php7.0-intl 7.0.4-1~dotdeb+8.1 amd64 Internationalisation module for PHP
ii php7.0-json 7.0.4-1~dotdeb+8.1 amd64 JSON module for PHP
ii php7.0-mcrypt 7.0.4-1~dotdeb+8.1 amd64 libmcrypt module for PHP
ii php7.0-mysql 7.0.4-1~dotdeb+8.1 amd64 MySQL module for PHP
ii php7.0-opcache 7.0.4-1~dotdeb+8.1 amd64 Zend OpCache module for PHP
ii php7.0-readline 7.0.4-1~dotdeb+8.1 amd64 readline module for PHP
My php applications run fine most of the time. But on some requests I just get a Page being generated for no foreseeable reason.
The /var/log/apache2/error.log states in such a case:
*** Error in `/usr/sbin/apache2': munmap_chunk(): invalid pointer: 0x00007efc6ddb4a50 ***
*** Error in `/usr/sbin/apache2': munmap_chunk(): invalid pointer: 0x00007efc6dd5cad0 ***
[Wed Mar 09 11:26:44.940931 2016] [core:notice] [pid 28486] AH00052: child pid 29338 exit signal Aborted (6)
[Wed Mar 09 11:26:44.941017 2016] [core:notice] [pid 28486] AH00052: child pid 29344 exit signal Aborted (6)
*** Error in `/usr/sbin/apache2': munmap_chunk(): invalid pointer: 0x00007efc6dd5cad0 ***
[Wed Mar 09 11:26:46.942581 2016] [core:notice] [pid 28486] AH00052: child pid 29347 exit signal Aborted (6)
I'll give some more information:
Syntax:
$ apachectl configtest
Syntax OK
Version:
apachectl -v
Server version: Apache/2.4.10 (Debian)
Server built: Nov 28 2015 14:05:48
Before the php update I did not see those errors. What is wrong here? Or how can I better find the source? I am lost here because this error occurs kind of randomly. Sometimes the same request succeeds that failed with this error a minute ago. I would appreciate your help.

That's now the second time we have been hit hard by the very same issue.
It happens when running PHP 7.0 on an up-to-date Debian.
This will break any type of website system which heavily uses regular expressions.
We have seen it with Neos (neos.io) or Typo3 (starting with 6.2).
In case it's not possible to use the testing version of libpcre3, one can disable the just-in-time compiling within the php.ini:
Edit your php.ini and add pcre.jit=0 anywhere you like
Restart your apache
Be happy

I have the same version and solved it by upgrading libpcre3 as Kevin Fischer wrote.
I upgraded the libpcre3 package from 2:8.35-3.3+deb8u4 (stable) to the 2:8.38-3.1 (testing) version.
Step by step:
Add line deb http://ftp.us.debian.org/debian testing main contrib non-free to /etc/apt/sources.list
Create file /etc/apt/apt.conf.d/99default-release with content: APT::Default-Release "stable";
Run command apt-get update from root
Run command apt-get -t testing install libpcre3 to install testing version of libpcre3 package
Restart your server and check the logs; the error should disappear.
For more info on installing testing packages, see this question.
Warning! Testing packages can work incorrectly! Update at your own risk or wait for a new release.

We've just had a similar situation, where one of our framework's components would fail us with:
*** Error in `php': munmap_chunk(): invalid pointer: 0x00007fdce5550060 ***
I can't tell you anything about the bug itself, but the cause of it was a broken libpcre3 version, namely 8.35-3.3+deb8u4. We were running a custom build, because PHP7 requires JIT support from libpcre3, which isn't included in the default one our Ubuntu version comes with (Ubuntu 14.04 LTS, 8.31-2ubuntu2.3). Upgrading the libpcre3 version solved the problem for us.

I also kept getting those nasty apache crashes, but none of the solutions above and on other websites were working for me.
After a lot of trial and error, I found out the root cause on my system.
I manually edited the PHP configuration and added two extensions. Both for Microsoft's SQL Server.
I added the following lines to the php.ini
extension=sqlsrv.so
extension=pdo_sqlsrv
I did not notice that I forgot the ".so" at the pdo driver.
After changing the lines as shown below, the Apache service is running fine again.
extension=sqlsrv.so
extension=pdo_sqlsrv.so

APR based Apache Tomcat Native library was not found on the java.library.path?

When trying to run my app with eclipse/linux on tomcat
I got the following info message:
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/amd64/server:/usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/amd64:/usr/lib/jvm/java-6-sun-1.6.0.20/jre/../lib/amd64:/usr/lib64/xulrunner-addons:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
How do I resolve this issue?

My case:
Seeing the same INFO message.
Centos 6.2 x86_64
Tomcat 6.0.24
This fixed the problem for me:
yum install tomcat-native
boom!

For Ubuntu Users
1. Install compilers
#sudo apt-get install make
#sudo apt-get install gcc
2. Install openssl and development libraries
#sudo apt-get install openssl
#sudo apt-get install libssl-dev
3. Install the APR package (Downloaded from http://apr.apache.org/)
#tar -xzf apr-1.4.6.tar.gz
#cd apr-1.4.6/
#sudo ./configure
#sudo make
#sudo make install
You should see the compiled file as
/usr/local/apr/lib/libapr-1.a
4. Download, compile and install Tomcat Native source package
tomcat-native-1.1.27-src.tar.gz
Extract the archive into some folder
#tar -xzf tomcat-native-1.1.27-src.tar.gz
#cd tomcat-native-1.1.27-src/jni/native
#JAVA_HOME=/usr/lib/jvm/jdk1.7.0_21/
#sudo ./configure --with-apr=/usr/local/apr --with-java-home=$JAVA_HOME
#sudo make
#sudo make install
Now I have compiled Tomcat Native library in /usr/local/apr/libtcnative-1.so.0.1.27 and symbolic link file /usr/local/apr/#libtcnative-1.so pointed to the library
5. Create or edit the $CATALINA_HOME/bin/setenv.sh file with following lines :
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/local/apr/lib"
6. Restart tomcat and see the desired result:

Download the appropriate APR based tomcat native library for your operating system so that Apache tomcat server can take some advantage of the features of your OS which are not included by default in tomcat. For windows it will be a .dll file.
I too got the warning while starting the server, and you don't have to worry about this if you are testing or developing. This is meant for production purposes.
After putting the tcnative-1.dll file inside the bin folder of Apache Tomcat 7, the following is the output in the stderr file:
Apr 07, 2015 1:14:12 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.33 using APR version 1.5.1.
Apr 07, 2015 1:14:12 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Apr 07, 2015 1:14:14 PM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1m 19 Mar 2015)
Apr 07, 2015 1:14:14 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-127.0.0.1"]

I resolved this (in Eclipse IDE) by deleting my old server and creating the same one again. This error occurs because you didn't properly terminate the Tomcat server and close Eclipse.