My Web server supports TLSv1.3 now.

TLSv1.3   Apache 2.4.37 from Apache Lounge supported TLSv1.3, so I enabled TLSv1.3 on my Web server which runs on Windows7 HP SP1 32-bit. I only changed from SSLProtocol -all +TLSv1.2 to SSLProtocol -all +TLSv1.2 +TLSv1.3. I did nothing about SSLCipherSuite Directive because the SSL_CTX_set_cipher_list page says ‘An empty list is permissible’.
The default value for the this setting is: “TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256”

   Here is the results before and after of SSL Labs Server Test.

Hey MSE, why did you make me panic? It told Apache files are Trojan:Win32/Critet.BS.

Update (Mar.22):

   Today, I’ve updated Apache from 2.4.32 to 2.4.33. Now, MSE says all files are clean. What was that alert? Really compromised or not? Anyway, I backed the MSE settings to the default.

   This morning Microsoft Security Essentials suddenly told Apache files are Trojan:Win32/Critet.BS and quarantined them, so Apache stopped on my server PC whose OS is Windows7 HE SP1. Although I needed to recover the service immediately, I had to take my mother to a hospital. Therefore the service must have been unavailable for about an hour.
Continue reading “Hey MSE, why did you make me panic? It told Apache files are Trojan:Win32/Critet.BS.”

From dehydrate to mod_md, Let’s Encrypt Tool.

Update information      Edit(Nov.16)  Edit2(Nov.30)

   Early this morning, I changed Let’s Encrypt Tool from dehydrated to mod_md. On August 17, Steffen announced “mod_md is available for 2.4.27 VC15”. I did nothing about it though I became curious, because I was busy and I already used ‘dehydrated’. But the day before yesterday, I found “ACME Support in Apache HTTP Server Project”. So I decided to use ‘mod_md’ yesterday.
Continue reading “From dehydrate to mod_md, Let’s Encrypt Tool.”

A very beginner for Visual C++ with CMake.

   Yesterday, I installed Visual Studio Community 2017 for learning Visual C++ with CMake. Why did I decide to learn Visual C++? Because I want to compile Apache Dev version for Microsoft Windows. The page says httpd can be built on Windows using a cmake-based build system. Besides, Visual C++ Team says they can support CMake in Visual Studio 2017 easily and CMake Team does CMake version 3.7 or higher are compatible with Visual Studio 2017. The time is very good. I decided to learn Visual C++ with CMake. Continue reading “A very beginner for Visual C++ with CMake.”

Doing CHACHA and Brotli with Apache 2.4 on Windows.

Update information      Edit(May 2)

   Last October, I wrote “CHACHA20 Apache official version already supports but Apache Lounge version 2.4.23, which is my server current version, hasn’t yet“. On April 19, Steffen announced Apache 2.4.26-Dev available with Openssl 1.1.0e VC14. So, we can use CHACHA20_POLY1305 in the Windows version Apache now. For enabling the cipher you need to add CHACHA20-POLY1305 things to the SSLCipherSuite of the httpd-ssl.conf and reboot the Apache. Continue reading “Doing CHACHA and Brotli with Apache 2.4 on Windows.”

Letsencrypt.sh on Windows-#4.

[2017.OCt.20]    We can use mod_md in ApacheLounge 2.4.x version now, so I changed from dehydrated (former Letsencrypt.sh) to mod_md about certs updating tool. About this, see → “From dehydrate to mod_md, Let’s Encrypt Tool”.
========================================================
   On October 7, when I tested my site by SSL Server Test, I found ‘OCSP Must Staple Not Supported’ on it. So, I re-checked the old test report and also saw ‘OCSP Must Staple Not Supported’ there. I talked about this with くりくりさん at my Japanese blog comments. We also talked about Extended Validation(EV), CHACHA20, and Certificate Transparency(CT). But, these three are not available for my server now. EV is expensive. CHACHA20 Apache official version already supports but Apache Lounge version 2.4.23, which is my server current version, hasn’t yet. If I want to use, I need to build the supported version by myself. This is difficult for me. CT Apache hasn’t supported yet.
   However, I changed several things about my server TLS environment.
Continue reading “Letsencrypt.sh on Windows-#4.”

Letsencrypt.sh on Windows-#3.

Update information      Edit(Oct.26)

[2017.OCt.20]    We can use mod_md in ApacheLounge 2.4.x version now, so I changed from dehydrated (former Letsencrypt.sh) to mod_md about certs updating tool. About this, see → “From dehydrate to mod_md, Let’s Encrypt Tool”.
========================================================
[Oct.26]    As I use Elliptic curve Diffie–Hellman (ECDH) for kx now, I posted a new article. ☞“Letsencrypt.sh on Windows-#4”
========================================================
   On September 17, I got the first success of the renewal of Let’s Encrypt Certificates. The script and my batch made it at the daily task. I found the file differences in my Certs folder on the server like this ☟.

Continue reading “Letsencrypt.sh on Windows-#3.”

Letsencrypt.sh on Windows-#2.

Update information      Edit(Sep.19)  Edit2(Oct.26)

[2017.OCt.20]    We can use mod_md in ApacheLounge 2.4.x version now, so I changed from dehydrated (former Letsencrypt.sh) to mod_md about certs updating tool. About this, see → “From dehydrate to mod_md, Let’s Encrypt Tool”.
========================================================
[Oct.26]    As I use Elliptic curve Diffie–Hellman (ECDH) for kx now, I posted a new article. ☞“Letsencrypt.sh on Windows-#4”
========================================================
[Sep.19]    As I had a success about the first renewal of the Let’s Encrypt Certs automatically, I posted a new article. ☞“Letsencrypt.sh on Windows-#3”
   By the way, they renamed project from letsencrypt.sh to dehydrated. So you can find the project at https://github.com/lukas2511/dehydrated/releases. Therefore, read letsencrypt.sh as dehydrated in my article.
========================================================
   Continued from my last post.
   Now, I’ll write HowTO renew certs automatically by Letsencrypt.sh. Once I made the batch file which didn’t work well because of letsencrypt-win-simple limitation. But the part which was not related to letsencrypt-win-simple worked well.
Continue reading “Letsencrypt.sh on Windows-#2.”

Letsencrypt.sh on Windows-#1.

Update information      Edit(Sep.19)  Edit2(Oct.26)  Edit3(2017.Jul.9)

[2017.OCt.20]    We can use mod_md in ApacheLounge 2.4.x version now, so I changed from dehydrated (former Letsencrypt.sh) to mod_md about certs updating tool. About this, see → “From dehydrate to mod_md, Let’s Encrypt Tool”.
========================================================
[Oct.26]    As I use Elliptic curve Diffie–Hellman (ECDH) for kx now, I posted a new article. ☞“Letsencrypt.sh on Windows-#4”
========================================================
[Sep.19]    As I had a success about the first renewal of the Let’s Encrypt Certs automatically, I posted a new article. ☞“Letsencrypt.sh on Windows-#3”
   By the way, they renamed project from letsencrypt.sh to dehydrated. So you can find the project at https://github.com/lukas2511/dehydrated/releases. Therefore, read letsencrypt.sh as dehydrated in my article.
========================================================
   As I wrote, the script letsencrypt-win-simple doesn’t support the renewal of certificates on Apache Windows version still now, and the official client, that’s certbot, also doesn’t support Apache on Windows OS. So, I think I use the other script named letsencrypt.sh.
Continue reading “Letsencrypt.sh on Windows-#1.”