My Web server supports TLSv1.3 now.

TLSv1.3   Apache 2.4.37 from Apache Lounge supported TLSv1.3, so I enabled TLSv1.3 on my Web server which runs on Windows7 HP SP1 32-bit. I only changed from SSLProtocol -all +TLSv1.2 to SSLProtocol -all +TLSv1.2 +TLSv1.3. I did nothing about SSLCipherSuite Directive because the SSL_CTX_set_cipher_list page says ‘An empty list is permissible’.
The default value for the this setting is: “TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256”

   Here is the results before and after of SSL Labs Server Test.

Doing CHACHA and Brotli with Apache 2.4 on Windows.

Update information      Edit(May 2)

   Last October, I wrote “CHACHA20 Apache official version already supports but Apache Lounge version 2.4.23, which is my server current version, hasn’t yet“. On April 19, Steffen announced Apache 2.4.26-Dev available with Openssl 1.1.0e VC14. So, we can use CHACHA20_POLY1305 in the Windows version Apache now. For enabling the cipher you need to add CHACHA20-POLY1305 things to the SSLCipherSuite of the httpd-ssl.conf and reboot the Apache. Continue reading “Doing CHACHA and Brotli with Apache 2.4 on Windows.”

Letsencrypt.sh on Windows-#4.

[2017.OCt.20]    We can use mod_md in ApacheLounge 2.4.x version now, so I changed from dehydrated (former Letsencrypt.sh) to mod_md about certs updating tool. About this, see → “From dehydrate to mod_md, Let’s Encrypt Tool”.
========================================================
   On October 7, when I tested my site by SSL Server Test, I found ‘OCSP Must Staple Not Supported’ on it. So, I re-checked the old test report and also saw ‘OCSP Must Staple Not Supported’ there. I talked about this with くりくりさん at my Japanese blog comments. We also talked about Extended Validation(EV), CHACHA20, and Certificate Transparency(CT). But, these three are not available for my server now. EV is expensive. CHACHA20 Apache official version already supports but Apache Lounge version 2.4.23, which is my server current version, hasn’t yet. If I want to use, I need to build the supported version by myself. This is difficult for me. CT Apache hasn’t supported yet.
   However, I changed several things about my server TLS environment.
Continue reading “Letsencrypt.sh on Windows-#4.”

Letsencrypt.sh on Windows-#3.

Update information      Edit(Oct.26)

[2017.OCt.20]    We can use mod_md in ApacheLounge 2.4.x version now, so I changed from dehydrated (former Letsencrypt.sh) to mod_md about certs updating tool. About this, see → “From dehydrate to mod_md, Let’s Encrypt Tool”.
========================================================
[Oct.26]    As I use Elliptic curve Diffie–Hellman (ECDH) for kx now, I posted a new article. ☞“Letsencrypt.sh on Windows-#4”
========================================================
   On September 17, I got the first success of the renewal of Let’s Encrypt Certificates. The script and my batch made it at the daily task. I found the file differences in my Certs folder on the server like this ☟.

Continue reading “Letsencrypt.sh on Windows-#3.”

Letsencrypt.sh on Windows-#2.

Update information      Edit(Sep.19)  Edit2(Oct.26)

[2017.OCt.20]    We can use mod_md in ApacheLounge 2.4.x version now, so I changed from dehydrated (former Letsencrypt.sh) to mod_md about certs updating tool. About this, see → “From dehydrate to mod_md, Let’s Encrypt Tool”.
========================================================
[Oct.26]    As I use Elliptic curve Diffie–Hellman (ECDH) for kx now, I posted a new article. ☞“Letsencrypt.sh on Windows-#4”
========================================================
[Sep.19]    As I had a success about the first renewal of the Let’s Encrypt Certs automatically, I posted a new article. ☞“Letsencrypt.sh on Windows-#3”
   By the way, they renamed project from letsencrypt.sh to dehydrated. So you can find the project at https://github.com/lukas2511/dehydrated/releases. Therefore, read letsencrypt.sh as dehydrated in my article.
========================================================
   Continued from my last post.
   Now, I’ll write HowTO renew certs automatically by Letsencrypt.sh. Once I made the batch file which didn’t work well because of letsencrypt-win-simple limitation. But the part which was not related to letsencrypt-win-simple worked well.
Continue reading “Letsencrypt.sh on Windows-#2.”

Letsencrypt.sh on Windows-#1.

Update information      Edit(Sep.19)  Edit2(Oct.26)  Edit3(2017.Jul.9)

[2017.OCt.20]    We can use mod_md in ApacheLounge 2.4.x version now, so I changed from dehydrated (former Letsencrypt.sh) to mod_md about certs updating tool. About this, see → “From dehydrate to mod_md, Let’s Encrypt Tool”.
========================================================
[Oct.26]    As I use Elliptic curve Diffie–Hellman (ECDH) for kx now, I posted a new article. ☞“Letsencrypt.sh on Windows-#4”
========================================================
[Sep.19]    As I had a success about the first renewal of the Let’s Encrypt Certs automatically, I posted a new article. ☞“Letsencrypt.sh on Windows-#3”
   By the way, they renamed project from letsencrypt.sh to dehydrated. So you can find the project at https://github.com/lukas2511/dehydrated/releases. Therefore, read letsencrypt.sh as dehydrated in my article.
========================================================
   As I wrote, the script letsencrypt-win-simple doesn’t support the renewal of certificates on Apache Windows version still now, and the official client, that’s certbot, also doesn’t support Apache on Windows OS. So, I think I use the other script named letsencrypt.sh.
Continue reading “Letsencrypt.sh on Windows-#1.”

Memorandum #18.

   Recently I updated some server apps.

    Update information      Edit(Jul.21)
  1. From ActivePerl-5.22.1.2201 to ActivePerl-5.24.0.2400.
    Last time I installed ActivePerl-5.22.1.2201-MSWin32-x86-64int-299574.msi. But now they doesn’t provide an msi file. Then I tried to install ActivePerl-5.24.0.2400-MSWin32-x86-64int-300558.exe, but it gave me an error like the below.

    Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action CheckInstallDir, entry: CheckInstallDirNoBox, library: C:\Users\UserID\AppData\Local\Temp\MSIXXXX.tmp

    Continue reading “Memorandum #18.”

Upgrading from PHP5.6 to PHP7.0.

   Finally, PHP7.0.0 was released. Congrats and thanks, PHP developers!!
   Windows version appeared on windows.php.net around 21:00 UTC of December 3. Therefore, I upgraded from PHP5.6 to PHP7.0 this morning. Around 10:00 JST of December 4. Continue reading “Upgrading from PHP5.6 to PHP7.0.”