I am running Apache 2.2.18 on my work machine and have a dedicated IP and paid SSL certificate. Since this server should be secure, I only use HTTPS when I access it. To do a test I went to ssllabs.com so see what the result for my web server would be. The results I got were pretty terrible. One reason I found is because it was using, by default, OpenSSL 0.9.8r and SSLv2 for browser support. I followed the guide to secure my server and use TLS instead to harden it up, but my build of apache only support TLSv1 and not TLSv1.1 and TLSv1.2.
I then installed the newest OpenSSL from the ssllounge as you can see below, and placed those files in my Apache\Bin folder.
OpenSSL> version
OpenSSL 1.1.0b 26 Sep 2016
My server still shows the following tho:
Apache / 2.2.18 (Win32) mod_ssl / 2.2.18 OpenSSL / 0.9.8r
I am aware that because of how things are set up I need a new version of the mod_ssl.so for my apache. I have Visual C++ 2008, Windows SDK 6.1, and downloaded the newest source for mod_ssl from their website.
What do I do now? I haven't compiled anything with C++ before and I am unsure of what I need to do to upgrade my mod_ssl so it uses the new openSSL 1.1.0 that I downloaded and installed. Thanks and sorry for being a noob..
Best Answer
Download binaries from http://www.apachelounge.com/download/ & replace your current apache by overwriting. Make sure to convert your configuration files first.