Mailing List Archive

Apache HTTP Server dependency on OpenSSL
Subject: Apache HTTP Server dependency on OpenSSL

Good day from Singapore,

I read that Apache HTTP Server depends on/requires OpenSSL 1.1.1 to operate
a TLS 1.3 web server.

Can we use OpenSSL 3.0.7 instead of OpenSSL 1.1.1? Is it supported?

OpenSSL versions 3.0.0 through 3.0.6 have CVE-2022-3602 and CVE-2022-3786
security vulnerabilities, so we need to avoid these versions.

Please advise.

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com
Re: Apache HTTP Server dependency on OpenSSL
On 11/9/22 8:29 AM, Turritopsis Dohrnii Teo En Ming wrote:
> Subject: Apache HTTP Server dependency on OpenSSL
>
> Good day from Singapore,
>
> I read that Apache HTTP Server depends on/requires OpenSSL 1.1.1 to operate a TLS 1.3 web server.
>
> Can we use OpenSSL 3.0.7 instead of OpenSSL 1.1.1? Is it supported?

2.4.54 supports OpenSSL 3.0

Regards

Rüdiger
Re: Apache HTTP Server dependency on OpenSSL
On Wed, 9 Nov 2022 at 18:32, Ruediger Pluem <rpluem@apache.org> wrote:

>
>
> On 11/9/22 8:29 AM, Turritopsis Dohrnii Teo En Ming wrote:
> > Subject: Apache HTTP Server dependency on OpenSSL
> >
> > Good day from Singapore,
> >
> > I read that Apache HTTP Server depends on/requires OpenSSL 1.1.1 to operate a TLS 1.3 web server.
> >
> > Can we use OpenSSL 3.0.7 instead of OpenSSL 1.1.1? Is it supported?
>
> 2.4.54 supports OpenSSL 3.0
>
> Regards
>
> Rüdiger
>
>
Noted with thanks.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
RE: [External] Re: Apache HTTP Server dependency on OpenSSL
Hi Team,

We are facing a security vulnerability with the "fasterxml jackson databind" dependency 2.13.3, 1.13.4, .. so on. Even using the latest 2.14.0-rc2 version did not resolve the "CVE-.." type vulnerabilities.
Could you please help/suggest?

-----Original Message-----
From: Ruediger Pluem <rpluem@apache.org>
Sent: Wednesday, November 9, 2022 1:02 PM
To: dev@httpd.apache.org
Subject: [External] Re: Apache HTTP Server dependency on OpenSSL

On 11/9/22 8:29 AM, Turritopsis Dohrnii Teo En Ming wrote:
> Subject: Apache HTTP Server dependency on OpenSSL
>
> Good day from Singapore,
>
> I read that Apache HTTP Server depends on/requires OpenSSL 1.1.1 to operate a TLS 1.3 web server.
>
> Can we use OpenSSL 3.0.7 instead of OpenSSL 1.1.1? Is it supported?

2.4.54 supports OpenSSL 3.0

Regards

Rüdiger


Re: [External] Re: Apache HTTP Server dependency on OpenSSL
On 09.11.2022 08:39, Payyavula, Manjula Vani via dev wrote:
> Hi Team,
>
> We are facing a security vulnerability with the "fasterxml jackson databind" dependency 2.13.3, 1.13.4, .. so on. Even using the latest 2.14.0-rc2 version did not resolve the "CVE-.." type vulnerabilities.
> Could you please help/suggest?

...with which Apache project? This mailing list is about the Apache HTTP
Server ("httpd").

Best regards, Julian