9 Replies
      Latest reply: Feb 26, 2017 2:35 PM by eskimo RSS
      mykewithay Level 1 Level 1 (0 points)

        Has anyone been able to update Apache/ssl  so that TLS 1.2 can work in Yosemite? I've upgreaded openssl using homebrew but can't seem to get apache to work with TLS 1.2. I've tried modifying the appriopirate SSLProtocol -ALL +TLSv1 to be SSLProtocol -ALL +TLSv1.2 but when I do this the apache server does not accept connections. Can anyone point me in the right direction.

        • Re: TLS 1.2 Yosemite
          eskimo Apple Staff Apple Staff (6,665 points)

          I'm not sure I understand your question.  Are you asking about Apache running on 10.10?  Or Apache running on some other system with 10.10 as the client?  If so, what system is that?

          Share and Enjoy

          Quinn "The Eskimo!"
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: TLS 1.2 Yosemite
              mykewithay Level 1 Level 1 (0 points)

              I'm refereing ot Apache running on OSX 10.10. I'm trying to get it to work using TLS 1.2 as the security protocol. I'm updated oppssl, but am not able to get TLS to run with anything but version 1.0.

                • Re: TLS 1.2 Yosemite
                  eskimo Apple Staff Apple Staff (6,665 points)

                  I'm refereing ot Apache running on OSX 10.10.

                  OK.  Is that the built-in Apache?  Or a version that you've installed yourself?

                  Share and Enjoy

                  Quinn "The Eskimo!"
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: TLS 1.2 Yosemite
                      mykewithay Level 1 Level 1 (0 points)

                      It is the built-in Apache. Version: Apache/2.4.10 (Unix)

                        • Re: TLS 1.2 Yosemite
                          eskimo Apple Staff Apple Staff (6,665 points)

                          I don't have an answer for you here, alas.  I'm not sure whether the built-in Apache is dynamically linked to the system OpenSSL or has its own statically linked OpenSSL (which is what we generally recommend).  If it's the latter, it's obvious that upgrading OpenSSL on the system as a whole will have no effect.

                          I can see three options for you here:

                          • continue to investigate the built-in Apache — If you want to do this I recommend you post your question to Apple Support Communities, run by AppleCare, where it'll reach a bigger audience whose more familiar with user-level issues.

                          • try OS X Server — Apache isn't really part of the OS X client product, in that it's not used by any user-facing feature.  OTOH, Apache is part of OS X Server, and thus I'd be very disappointed if it didn't support TLS 1.2 out of the box.

                          • built your own Apache

                          Share and Enjoy

                          Quinn "The Eskimo!"
                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                          let myEmail = "eskimo" + "1" + "@apple.com"

                            • Re: TLS 1.2 Yosemite
                              mykewithay Level 1 Level 1 (0 points)

                              Thanks for your direction. To fully clarify, I am using OSX Server, and this is the apache tha is underlying it there. I will try posing to the Apple Support Communities as you have recommended to see if they have an answer.

                                • Re: TLS 1.2 Yosemite
                                  -jon- Level 1 Level 1 (0 points)

                                  Did you find an answer? I've been banging my head against a wall trying to get TLS 1.2 on the latest OS X server. I can't believe that Apple, with all its ATS requirements, would not have support for TLS 1.2. Flabbergasting

                                    • Re: TLS 1.2 Yosemite
                                      mabdelhady Level 1 Level 1 (0 points)

                                      I'm also looking for an answer on this. Any advise is highly appreciated.

                                        • Re: TLS 1.2 Yosemite
                                          eskimo Apple Staff Apple Staff (6,665 points)

                                          My personal web server runs macOS 10.11.x and it supports TLS 1.2 connections.  I’m not sure when this changed.  As I mentioned above, this isn’t really a developer issue, so it’s not something that I track assiduously.

                                          Share and Enjoy

                                          Quinn “The Eskimo!”
                                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                          let myEmail = "eskimo" + "1" + "@apple.com"