# Two versions of Openssl



## dcman5000 (Jul 18, 2020)

Hello,

I currently have two versions of openssl.

How would I go about configuring my apache to use the latest version of openssl.

I'm new here so if anyone has any suggestions or guidelines of where to post this. Please let me know


----------



## a6h (Jul 18, 2020)

The only thing that matter: enabling mod_ssl.so and mod_socache_shmcb.so in httpd.conf, generate a pair of key, e.g. server.crt and server.key, put them in a folder and point to them in httpd-ssl.conf file
`SSLCertificateFile "pathToSSL/server.crt"`
`SSLCertificateKeyFile "pathToSSL/server.key"`
There are lots of steps between, such as `Include etc/apache24/extra/httpd-ssl.conf`. Search for FAMP and OpenSSL on the net.


----------



## dcman5000 (Jul 19, 2020)

The thing is I have valid certs from the old SSL version. I don't need to generate keys


----------



## richardtoohey2 (Jul 20, 2020)

You _may_ have to build Apache to use the ports version of OpenSSL.

But for a simpler life use the base version.

```
% uname -a
FreeBSD xx.yyy.co.nz 12.1-RELEASE-p7 FreeBSD 12.1-RELEASE-p7 GENERIC  amd64
% /usr/bin/openssl version
OpenSSL 1.1.1d-freebsd  10 Sep 2019
% /usr/local/bin/openssl version
OpenSSL 1.1.1g  21 Apr 2020
```

Apache 2.4 mod_ssl linked to the lib in /usr/local/lib

```
% ldd /usr/local/libexec/apache24/mod_ssl.so
/usr/local/libexec/apache24/mod_ssl.so:
    libssl.so.11 => /usr/local/lib/libssl.so.11 (0x8006ac000)
    libcrypto.so.11 => /usr/local/lib/libcrypto.so.11 (0x800e00000)
    libcrypt.so.5 => /lib/libcrypt.so.5 (0x800742000)
    libthr.so.3 => /lib/libthr.so.3 (0x800763000)
    libc.so.7 => /lib/libc.so.7 (0x80024a000)
```

The version in /usr/local/lib is 1.1.1g:

```
% strings /usr/local/lib/libssl.so.11 | grep 1.1.1
OPENSSL_1_1_1
OPENSSL_1_1_1a
OpenSSL 1.1.1g  21 Apr 2020
```

The version in /usr/lib is 1.1.1d - the version in FreeBSD 12.1:

```
% strings /usr/lib/libssl.so.111 | grep 1.1.1
OPENSSL_1_1_1
OPENSSL_1_1_1a
OpenSSL 1.1.1d-freebsd  10 Sep 2019
```

See an earlier conversation here: https://forums.freebsd.org/threads/updating-apache-2-4-25-to-latest.66681/#post-394911


----------

