WampServer

Hi all.

Has anyone successfully upgraded the version of OpenSSL to v1.0.2, or can provide instructions to do so? I have tried following the simple steps used to mitigate against the heartbleed vulnerability (outlined at [pioneear.wordpress.com]), but that hasn't worked

I'm running WAMP 2.2 64bit on a Windows 2008R2 64bit server. Just for the sake of it, I tried the steps outlined in the link above for OpenSSL 1.0.1p, 1.0.2d with both 32bit and 64bit builds, but each time I try the update, wamp will not come fully up (stays orange).

On each attempted update, I have tried running httpd.exe -t and each time I get the following error:
--------------------
httpd.exe: Syntax error on line 119 of C:/wamp/bin/apache/apache2.2.22/conf/httpd.conf: Cannot load C:/wamp/bin/apache/apache2.2.22/modules/mod_ssl.so into server: The specified module could not be found.
--------------------

The mod_ssl.so file is there, and works fine with the currently installed version of OpenSSL which is a few versions behind.

Any idea would be greatly appreciated!
Cheers!



Edited 1 time(s). Last edit at 08/11/2015 02:51AM by ntbutler2.

Hello,

Can we start with a few more accurate details on what you are running please. Can you answer the questions on this sticky post

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Hi.
Of course - sorry about that.
As Mentioned:
- Windows 2008 R2 64bit
- WAMP Server 2.2 64bit
And the others:
- Apache 2.2.22
- PHP 5.3.13
- MySQL 5.5.24

Thanks :-)

Well the tutorial you followed seems fairly good, it almost matches my HOWTO, the only addition I would make is to also copy the

bin\libeay32.dll to \wamp\bin\php\php5.5.24
bin\libeay32.dll to \wamp\bin\php\php5.5.24

I did exactly what the tutorial says, plus my additional copy, to Apache2.2.22 and got Apache and phpinfo() to report the correct new verions of SSL, but I did it on a 32bit WAMPServer.

However:

Quote

httpd.exe: Syntax error on line 119 of C:/wamp/bin/apache/apache2.2.22/conf/httpd.conf: Cannot load C:/wamp/bin/apache/apache2.2.22/modules/mod_ssl.so into server: The specified module could not be found.

This looks to me like the libeay32.dll and/or libeay32.dll that you have got from slproweb are possibly compiled with a different and in this case incompatible version of the MSVC compiler. ( I cannot test the 64bit WAMPServer)

Or possibly you have loaded the 32bit versions into a 64bit WAMPServer!?

You get this kind of misleading message when you try and load a DLL that itself loads other DLL's etc etc. It unfortunately does not report how far down the chain it got before getting some kind of error and just reports the top level DLL as the issue.

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Thanks for that! I hadn't updated the DLLs in the PHP folder, so I'll give that a shot tomorrow and can report back the results.
Cheers!

I doubt that in itself will make a whole lot of difference. Its more likely to be a dll/compiler mismatch or 32bit/64bit mismatch.

But anyway give it a try

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Alrighty - solved it!

The issue was that the latest versions of OpenSSL have been compiled with Visual Studio 2013 Community Edition. As such, the server needs to have the corresponding VC Redistributable Runtime libraries installed. As soon as this was done, http.exe -t showed "Syntax OK" and everything works perfectly.

Thanks!

Could you send me a link to the HOWTO? Sorry - i see this is the wordpress link now.

I am trying to connect to a site using cURL in PHP but it is failing with "Unknown SSL protocol error in connection to xxxxx".

I have the git client installed with a newer version of cURL and openssl and it works OK. This was a site we have been accessing for 18 months and it has now stopped working. I figure they have upgraded their SSL protocols.

We are running WAMP 2.5 x64 on Windows 7 and W2K8 servers.

I thought I could try upgrading the openssl and maybe libcurl to see if they can now talk to the site.



Edited 1 time(s). Last edit at 04/29/2016 07:58AM by duanew.

Hi @duanew


What I did was:

Step 0. DO A BACKUP!!!!! Oh my word, do not forget this step!

1. Download the latest version of openSSL from [slproweb.com]

2. it's important to ensure that you have the version of the Microsoft Visual C++ redistributable package that matches the version of openssl you had downloaded. To be honest, this is where I kept getting tripped up, but I simply searched microsoft for all of them and installed them all (I needed some for other applications there anyway). I think the SL guys use visual studio 2013, so aim for the 2013 releases at least, and I'd probably do both 32bit and 64bit.

3. Once openSSL has been installed locally, go the the INSTALLDIR\bin\ folder, and copy the following files:
- libeay32.dll
- ssleay32.dll
- openssl.exe

4. Go to your WAMP\bin\apache\apache.ver\bin folder and paste the above files there.

5. At this stage, test the httpd config syntax. I'm a little rusty on the process, because it's now a button to simply click in WAMP 3.0, but I think you open a command window in your apache bin folder and run:
httpd.exe -t
- If there are any errors, address them, but I wouldn't think you'd see any if you have the right C++ libraries installed.

6. Restart your web services and it should come up now.

I hope that helps. I just went through a server migration, so I have done the steps as a from-scratch setup, so hopefully I've included the right info for a simple openSSL update.

From what you've mentioned though, you may need to see if you can update the actual version of cURL that is being used, although I would probably be wrong on that...

One last piece of info that might come in use - if you want to update your own server to have better SSL security, the Mozilla guys put out a good apache config generator. It's available at [mozilla.github.io]. It's really quick and neat, and will list the minimum spec of common browsers and OSs that are compatible with the particular profile you choose (modern, intermediate, etc).

Hope that helps!
-Nathan

Hi,

Quote
ntbutler2
3. Once openSSL has been installed locally, go the the INSTALLDIR\bin\ folder, and copy the following files:
- libeay32.dll
- ssleay32.dll
- openssl.exe

4. Go to your WAMP\bin\apache\apache.ver\bin folder and paste the above files there.

libeay32.dll and ssleay32.dll are already created as symbolic links to files in wamp/bin/php/phpx.y.z/ (x.y.z is the active version of PHP) and will be re-created when Wampserver is launched :

J:\wamp\bin\apache\apache2.4.17\bin>dir /al
29/04/2016  10:12    <SYMLINK>      icudt56.dll [J:/wamp/bin/php/php5.6.19/icudt56.dll]
29/04/2016  10:12    <SYMLINK>      icuin56.dll [J:/wamp/bin/php/php5.6.19/icuin56.dll]
29/04/2016  10:12    <SYMLINK>      icuio56.dll [J:/wamp/bin/php/php5.6.19/icuio56.dll]
29/04/2016  10:12    <SYMLINK>      icule56.dll [J:/wamp/bin/php/php5.6.19/icule56.dll]
29/04/2016  10:12    <SYMLINK>      iculx56.dll [J:/wamp/bin/php/php5.6.19/iculx56.dll]
29/04/2016  10:12    <SYMLINK>      icutest55.dll [J:/wamp/bin/php/php5.6.19/icutest55.dll]
29/04/2016  10:12    <SYMLINK>      icutu55.dll [J:/wamp/bin/php/php5.6.19/icutu55.dll]
29/04/2016  10:12    <SYMLINK>      icuuc56.dll [J:/wamp/bin/php/php5.6.19/icuuc56.dll]
29/04/2016  10:12    <SYMLINK>      libeay32.dll [J:/wamp/bin/php/php5.6.19/libeay32.dll]
29/04/2016  10:12    <SYMLINK>      libpq.dll [J:/wamp/bin/php/php5.6.19/libpq.dll]
29/04/2016  10:12    <SYMLINK>      libsasl.dll [J:/wamp/bin/php/php5.6.19/libsasl.dll]
29/04/2016  10:12    <SYMLINK>      libssh2.dll [J:/wamp/bin/php/php5.6.19/libssh2.dll]
29/04/2016  10:12    <SYMLINK>      php.ini [J:/wamp/bin/php/php5.6.19/phpForApache.ini]
29/04/2016  10:12    <SYMLINK>      php5ts.dll [J:/wamp/bin/php/php5.6.19/php5ts.dll]
29/04/2016  10:12    <SYMLINK>      ssleay32.dll [J:/wamp/bin/php/php5.6.19/ssleay32.dll]

---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons