https://bz.apache.org/bugzilla/show_bug.cgi?id=69736

            Bug ID: 69736
           Summary: 2.4.64 breaks SSLEngine optional
           Product: Apache httpd-2
           Version: 2.4.63
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: h.rei...@thelounge.net
  Target Milestone: ---

with this breaking change every vhost is using the certificate from the
default-host on top which was previously the only one needed "SSLEngine On"

besides that this is a breaking change from 2.4.63 to 2.4.64 this feature is
*essential* to not need two vhost-definitions for hundreds of virtual hosts
and mirror the whole configuration

[Thu Jul 10 17:08:28.704039 2025] [ssl:notice] [pid 667778:tid 667778] AH10510: 'SSLEngine optional' is no longer supported
[Thu Jul 10 17:08:28.704096 2025] [ssl:notice] [pid 667778:tid 667778] AH10510: 'SSLEngine optional' is no longer supported
[Thu Jul 10 17:08:28.704144 2025] [ssl:notice] [pid 667778:tid 667778] AH10510: 'SSLEngine optional' is no longer supported
[Thu Jul 10 17:08:28.704199 2025] [ssl:notice] [pid 667778:tid 667778] AH10510: 'SSLEngine optional' is no longer supported

<VirtualHost _default_:80>
 <Location />
  Require all denied
 </Location>
 <Location /.well-known>
  Require all granted
 </Location>
</VirtualHost>
<VirtualHost _default_:443>
 ServerName default.buildserver.thelounge.net
 <Location />
  Require all denied
 </Location>
 <Location /.well-known>
  Require all granted
 </Location>
 SSLEngine          On
 SSLUseStapling     Off
 SSLCertificateFile "/var/lib/letsencrypt/certs/0000-default.conf_rsa.pem"
 SSLCertificateFile "/var/lib/letsencrypt/certs/0000-default.conf_ecdsa.pem"
</VirtualHost>

<VirtualHost *:80 *:443>
 ServerName packages.thelounge.net
 DocumentRoot "/Volumes/dune/buildserver/repo"
 <Directory "/Volumes/dune/buildserver/repo">
  Options +Indexes
  Require all granted
 </Directory>
 <IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTPS} off
  RewriteCond %{CONN_REMOTE_ADDR} !^192\.168\.196\.4
  RewriteCond %{REQUEST_URI} !^\/\.well\-known\/acme\-challenge\/
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 </IfModule>
 <IfModule mod_headers.c>
  Header always set "Strict-Transport-Security" "max-age=31536000"
 </IfModule>
 SSLEngine Optional
 SSLCertificateFile "/var/lib/letsencrypt-wildcard/certs/wildcard_rsa.pem"
 SSLCertificateFile "/var/lib/letsencrypt-wildcard/certs/wildcard_ecdsa.pem"
</VirtualHost>
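
A pre-upgrade check for the situation reported above, as an added example that is not part of the original report or of httpd: it lists every <VirtualHost> block that sets 'SSLEngine optional', so the affected vhosts are known before 2.4.64 logs AH10510 for them. The function name and the sample text (shortened from the configuration above) are constructed for illustration; the scan reads one config text and does not follow Include directives.

```python
import re

# Constructed sample, shortened from the configuration in the report above.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
 ServerName default.buildserver.thelounge.net
 SSLEngine          On
</VirtualHost>
<VirtualHost *:80 *:443>
 ServerName packages.thelounge.net
 <IfModule mod_headers.c>
  Header always set "Strict-Transport-Security" "max-age=31536000"
 </IfModule>
 # SSLEngine optional   (commented out, must not be reported)
 SSLEngine Optional
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^<VirtualHost\s+([^>]*)>", re.I)
VHOST_CLOSE = re.compile(r"^</VirtualHost\s*>", re.I)
DIRECTIVE = re.compile(r"^(\w+)\s+(.*)$")

def find_optional_vhosts(conf_text):
    """Return one dict per <VirtualHost> block that sets 'SSLEngine optional'."""
    findings, current = [], None
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comment lines
        opened = VHOST_OPEN.match(line)
        if opened:
            current = {"addresses": opened.group(1).split(), "server_name": None, "line": None}
            continue
        if VHOST_CLOSE.match(line):
            if current and current["line"] is not None:
                findings.append(current)  # only blocks that set the removed value
            current = None
            continue
        directive = DIRECTIVE.match(line)
        if current is None or not directive:
            continue  # outside a vhost, or a nested section tag such as <IfModule>
        name, value = directive.group(1).lower(), directive.group(2).strip().strip('"')
        if name == "servername":
            current["server_name"] = value
        elif name == "sslengine" and value.lower() == "optional":
            current["line"] = lineno  # compared case-insensitively, as in the report
    return findings

if __name__ == "__main__":
    for hit in find_optional_vhosts(SAMPLE_CONF):
        print(f"line {hit['line']}: {hit['server_name']} {hit['addresses']} uses SSLEngine optional")
```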
