Apache Friends Support Forum

I have xampp 1.6.3a running on a windows server 2003 enterprise server. the version of openssl that it's running is 0.98, therefore, it's not vulnerable to Heartbleed. However, while in the process of updating and fixing all of our other servers that were vulnerable, i decided to upgrade our security across the board. i'm running into some problems with this version of openssl not supporting tlsv1.2, amongst a few other issues. I'd like to update OpenSSL independantly of xampp. is this possible?

Also, just to save time, please dont suggest upgrading my version of xampp, as thats not possible right now due to code on this server having dependencies on modules that aren't available for the newer versions of apache/php.

Thanks,
Josh

melophat wrote:I'd like to update OpenSSL independantly of xampp. is this possible?

You would need to recompile PHP with the new OpenSSL version.

Altrea wrote:

melophat wrote:I'd like to update OpenSSL independantly of xampp. is this possible?

You would need to recompile PHP with the new OpenSSL version.

Recompile the existing version of php with the newer version of openssl? Is there any way that I can tell how php was compiled for my current version? Flags and whatnot.

In your phpinfo() information is an information named "Configure Command", or in your command line interface by executing "php -i"
We don't provide any information or help for how to recompile php or how to replace or upgrade only one single component of XAMPP. XAMPP is only supported as and with the versions coming in this stack.
So if you want to do that, you are on your own and prodiding any further support or help for your customized installation will maybe not be possible.