[Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0
I have installed the update, and testing with the latest Chrome and IE browsers on Windows 7 confirms that they now recognize our server as running TLS1.2! Thanks for the fix! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1400473 Title: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1400473/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0
From the Apache 2.2 documentation: TLSv1.1 (when using OpenSSL 1.0.1 and later) A revision of the TLS 1.0 protocol, as defined in RFC 4346. TLSv1.2 (when using OpenSSL 1.0.1 and later) A revision of the TLS 1.1 protocol, as defined in RFC 5246. I suspect that the issue is that the current version of Apache 2.2 in 12.04.5 LTS incorrectly thinks that OpenSSL is not quite at 1.0.1, despite the fact that it clearly is reported to be that way when I run dpkg-configure: root@db3:~# dpkg-query --list apache2 openssl Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name VersionDescription +++-==-==- ii apache22.2.22-1ubuntu1.7 Apache HTTP Server metapackage ii openssl1.0.1-4ubuntu5.21 Secure Socket Layer (SSL) binary and related cryptographic t I am reasonably comfortable that this issue is not really a show-stopper anymore, but rather some sort of minor package compilation related quirk that does not really change any functionality. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1400473 Title: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1400473/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0
I get something similar when I run that command for my own domain name: SSL-Session: Protocol : TLSv1.2 Cipher: DHE-RSA-AES256-GCM-SHA384 However, I still get the warning in apachectl configtest : SSLProtocol: Illegal protocol 'TLSv1.2' Action 'configtest' failed. I am going to assume that the problem is not the openssl, but rather Apache, and that perhaps what is going on is that Ubuntu version of Apache is to blame. My hunch is that when i enter TLSv1, it treats it as though I had enabled TLSv1, TLSv1.1, and TLSv1.2, despite the documentation for Apache 2.2 saying that TLSv1.1 and TLSv1.1 should be valid values, and my assumption that enabling TLSv1 should not enable the other two. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1400473 Title: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1400473/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 809400] Re: Cannot compile any version of PHP I want on Lucid due to dependencies in apache2-prefork-dev
Holy cow you're right, I definitely need to get to 5.2.17 somehow. I've compiled PHP before with configure and make, but I'm not familiar at all with any of these other build tools you mention. I'm sure nobody wants to be teaching everyone how to do all this stuff or be doing it for them. Could you recommend any FAQ pages or wikis which would allow someone with absolutely rudimentary knowledge of compiling like myself to be able to learn how to compile packages that can properly be used with APT to satisfy dependencies? I've heard there are the virtual packages one can use, but it strikes me that if I do not learn to compile PHP as close as possible to the Ubuntu way, I will not have the maximum level of compatibility. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/809400 Title: Cannot compile any version of PHP I want on Lucid due to dependencies in apache2-prefork-dev To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/809400/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 809400] Re: Cannot compile any version of PHP I want on Lucid due to dependencies in apache2-prefork-dev
Sorry for being rude, but as you might imagine this whole situation was frustrating, and it was not the first time some little thing about Ubuntu LTS caused me much main and suffering. Not as much as RedHat but that's another story. Getting logged in and posting was even more frustrating as the site intentionally makes it hard to post bug reports to keep out the stupid people I guess, and it's even harder when under maintenance as it was at the time. I can see how one might get tired of frustrated users, but then again that is almost entirely who comes here. You may call needing to run PHP 5.2.X with the PHP version of the GD library on a recent server distro not sane, but I wouldn't call a server distribution that does not offer an option for PHP 5.2.X with its included GD library as an option particularly sane either. I guess we server admins think you OS developers are insane, and you OS developers think we server admins are insane. I can only imagine then what the customers think of us then when we tell them they need to pay over $20,000 to port all their legacy code to PHP 5.3.X if they want a server OS that is still eligible for security updates. Anyways, what I am trying to say is unless someone in this situation such as myself is willing to do something that is apparently not sane, they cannot run their PHP code on Ubuntu LTS distributions, and this is all because two mildly related dev packages incorrectly claim that they depend on their corresponding non-dev packages. I hear this was solved in PHP 5.3.X as there is a seperate version of PHP and/or GD library that uses PHP's version of the GD library, but again, 5.3.X is not an option here. I read online about installing 5.2.X on Lucid, and heard that you can just mess with /etc/apt/sources.list to let you install PHP 5.2.X from Karmic onto Lucid, then lock those packages to the Karmic versions so that they do not update to the Lucid versions, and you're good to go. Unfortunately, PHP made their own GD library version and you guys did not want to use it due to security concerns, so instead I used a Karmic source package, made it use PHP's GD library instead of the Ubuntu system version, and tried to compile that as a solution, whereupon I ran into the previously mentioned dependency issues. If you know of a better AND simpler way for the thousands of server admins like me who need to install the PHP 5.2.X and PHP GD library on Lucid, PLEASE let us know as it would benefit us all. I know you do not want people posting bug reports about this stuff, and we don't want to have to bang our heads on the desk this many times to just get it to work. I realize this will all probably either fall on deaf ears, or be too long to read and ignored, and so not fixed. That's okay however, my main concern is that people doing Google searches about this same issue might find this bug report and thus learn how to solve the problem. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/809400 Title: Cannot compile any version of PHP I want on Lucid due to dependencies in apache2-prefork-dev To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/809400/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 74647] Re: php5-gd not using bundled GD library
I installed PHP 5.2.X on Lucid which normally comes with 5.3.X as I have old code I cannot yet change. This lead to a headache recompiling PHP with the proper GD library because libaprutil1-dev and apache2-prefork-dev depend on their respective non-dev packages, so in order to satisfy the dependencies necessary for recompiling this older version of PHP, you have to download .deb files for these two packages, modify /etc/apt/sources.list back so it uses karmic instead of lucid as you usually have to do in order to install the PHP 5.2.X packages from karmic, install all OTHER dependencies, change /etc/apt.sources.list back, force install of these .deb packages with dpkg --force-depends -i [packagename], THEN you can compile, then you can uninstall all this crap it installed to compile, and THEN you can replace your currently running version of php5-gd with your newly compiled php5-gd .deb file (as altering and recompiling the source package also compiles all the subpackages as well). I mentioned most if not all of the commands I ran in order to accomplish this under bug #809400 incase any of you don't know how to do all this and need some help figuring it out. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/74647 Title: php5-gd not using bundled GD library To manage notifications about this bug go to: https://bugs.launchpad.net/mantis/+bug/74647/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 74647] Re: php5-gd not using bundled GD library
would be awesome if this would be done, or if an optional php5-gd- boutell package could be created that does this. I know this would work, because I am currently running the default php5 package from karmic and only had to swap in my recompiled php5-gd package, php5-gd_5.2.10.dfsg.1-2ubuntu6.10_amd64.deb -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/74647 Title: php5-gd not using bundled GD library To manage notifications about this bug go to: https://bugs.launchpad.net/mantis/+bug/74647/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs