TLS 1.2 Yosemite

Has anyone been able to update Apache/ssl so that TLS 1.2 can work in Yosemite? I've upgraded openssl using homebrew but can't seem to get apache to work with TLS 1.2. I've tried modifying the appropriate SSLProtocol -ALL +TLSv1 to be SSLProtocol -ALL +TLSv1.2 but when I do this the apache server does not accept connections. Can anyone point me in the right direction?

Replies

I'm not sure I understand your question. Are you asking about Apache running on 10.10? Or Apache running on some other system with 10.10 as the client? If so, what system is that?

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I'm referring to Apache running on OSX 10.10. I'm trying to get it to work using TLS 1.2 as the security protocol. I've updated openssl, but am not able to get TLS to run with anything but version 1.0.

I'm referring to Apache running on OSX 10.10.

OK. Is that the built-in Apache? Or a version that you've installed yourself?

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

It is the built-in Apache. Version: Apache/2.4.10 (Unix)

I don't have an answer for you here, alas. I'm not sure whether the built-in Apache is dynamically linked to the system OpenSSL or has its own statically linked OpenSSL (which is what we generally recommend). If it's the latter, it's obvious that upgrading OpenSSL on the system as a whole will have no effect.

I can see three options for you here:

  • continue to investigate the built-in Apache — If you want to do this I recommend you post your question to Apple Support Communities, run by AppleCare, where it'll reach a bigger audience who's more familiar with user-level issues.

  • try OS X Server — Apache isn't really part of the OS X client product, in that it's not used by any user-facing feature. OTOH, Apache is part of OS X Server, and thus I'd be very disappointed if it didn't support TLS 1.2 out of the box.

  • build your own Apache

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for your direction. To fully clarify, I am using OSX Server, and this is the apache that is underlying it there. I will try posting to the Apple Support Communities as you have recommended to see if they have an answer.

Did you find an answer? I've been banging my head against a wall trying to get TLS 1.2 on the latest OS X server. I can't believe that Apple, with all its ATS requirements, would not have support for TLS 1.2. Flabbergasting.

I'm also looking for an answer on this. Any advice is highly appreciated.

My personal web server runs macOS 10.11.x and it supports TLS 1.2 connections. I’m not sure when this changed. As I mentioned above, this isn’t really a developer issue, so it’s not something that I track assiduously.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"