you need to compile Apache over the new version of openssl libraries in order for Apache HTTPd to correctly use the openssl version you want to use.

Apache will allow you to use tlsv1.2 when the openssl version it was compiled against supports it.

2015-08-11 21:01 GMT+02:00 Mohanavelu Subramanian <>:
Hi All,

Good Morning.

I am to new Apache Users mailing list. I have described the issue I am facing to support TLSv1.2

Currently, our product use Apache 2.2.12 provided by SLES 11sp3. 
We are doing a securing hardening now by enabling only TLSv1.2 protocol and disabling other protocols. I tried to configure "SSLProtocol  TLSv1.2". But after apache restart, it throws an error "invalid protocol". I came to know that mod_ssl refers openssl 0.9.8 version, though we have latest openssl 1.0.1(which supports TLSv1.2). The mod_ssl loads openssl0.9.8 always.

It seems the latest Apache version 2.4.x supports TLSv1.2. But this apache version is available in SLES 12 only which wont be available for us for another 6 months.So, we dropped this option.

So, the procurement team advised us to use mod_nss which can support TLSv1.2 with Apache 2.2.12. We started the migration from mod_ssl to mod_nss and everything went well, but the directive "SSLVerifyClient optional_no_ca" is not available with mod_nss. It provides only none,optional,require.So, we are blocked on this and could not migrate to mod_nss. 
Can you please suggest how to overcome this issue.

Now, we are looking for Apache rpm (2.2.x) and its dependency rpms which supports TLSv1.2 on Linux. I googled and could not find the rpms for Linux but only source code available to compile. I tried compiling it but I got lot of dependency issues for which I could not get dependent rpms from net. Also I could not find docs to guide how to compile and install.

Could you please share your inputs or solutions on this issue if you had encountered before.

Thanks in Advance.


Daniel Ferradal
IT Specialist

email         dferradal at