Date: Thu, 6 Apr 2023 18:00:47 +0200 (GMT+02:00)
From: Alexander Burke <alex@alexburke.ca>
To: William Dudley <wfdudley@gmail.com>
Cc: questions@freebsd.org
Subject: Re: updated to 13.1 (i386). Apache won't run if php80 enabled
Message-ID: <f2ece35e-4c21-497e-88a4-99f5d43bd82f@alexburke.ca>
In-Reply-To: <CAFsnNZLUtJzmnrBdmUJ1Z6F9-gSCjrjdyF46oORvvzyHG%2Bm8cg@mail.gmail.com>
References: <CAFsnNZJxHSFc-Tb2PmLq59HWNxD6SNjwQqnPneJfRXqMipUw8g@mail.gmail.com> <20230406070831.a6f09f389baed2a6ff4dbbbb@sohara.org> <CAAdA2WMovgFWBC6A2ApA9==k4WH-PpnY8GVs1Ww4CC-Myid3Pg@mail.gmail.com> <CAFsnNZLUtJzmnrBdmUJ1Z6F9-gSCjrjdyF46oORvvzyHG%2Bm8cg@mail.gmail.com>

Hi Bill,

> I'm using the port of sendmail so STARTTLS will work.

I recommend in the strongest possible terms that you not use STARTTLS in any way, and that you use TLS-enforced SMTPS (port 465) and IMAPS (port 993) exclusively with clients. [1,2]

When your sendmail can't reach other MTAs on 465 to deliver mail to them, it can and should drop back to using port 25 with no TLS, but clients (MUAs) accessing it should use only 465 and 993.

Cheers,
Alex

[1] https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks
[2] https://nostarttls.secvuln.info/

----------------------------------------

Apr 6, 2023 16:15:33 William Dudley <wfdudley@gmail.com>:

> my reply below.
>
> On Thu, Apr 6, 2023 at 2:20 AM Odhiambo Washington <odhiambo@gmail.com> wrote:
>>
>> On Thu, Apr 6, 2023 at 9:09 AM Steve O'Hara-Smith <steve@sohara.org> wrote:
>>> On Wed, 5 Apr 2023 11:09:37 -0400
>>> William Dudley <wfdudley@gmail.com> wrote:
>>>
>>>> I have another machine running 13.1, but it's amd64.  It happily runs
>>>> Apache with php80, so I downgraded the i386 machine to php80
>>>> so the two machines would be "the same".
>>>>
>>>> Except this didn't fix the problem.  Apache won't run with either php80
>>>> OR php81 enabled, using this stanza in httpd.conf:
>>>
>>>         Two possibilities spring to mind
>>>
>>>         - the two machines are not "the same", check all relevant package
>>> versions right down the dependency tree.
>>>
>>>         - The code depends on a feature not in one CPU or something of that
>>> order. Given that PHP and Apache work independently the glue is the prime
>>> suspect, I'd try building mod-php from ports.
>>
>> He wants to keep things simple, so he prefers pkg install... no ports.
>
> I'm not averse to trying the port to see what happens.  I'm using the port of sendmail
> so STARTTLS will work.
>
> Bill Dudley
>
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254 7 3200 0004/+254 7 2274 3223
>> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>> [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
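
The recommendation at the top of this message (implicit TLS on 465/993 for clients instead of STARTTLS) comes down to where the decision to encrypt is made. The sketch below is an added example, not part of the original e-mail: it models a client's choice from the server's EHLO reply. The hostname, the EHLO replies and the use of submission port 587 as the STARTTLS case are constructed assumptions.

```python
# Added example (not from the original e-mail). Hostnames and EHLO replies
# below are constructed sample data; port 587 is an assumed STARTTLS port.
IMPLICIT_TLS_PORTS = {465, 993}   # TLS handshake precedes any protocol data


class TLSRequired(Exception):
    """Raised when a strict client is not offered a way to encrypt."""


def ehlo_extensions(reply: str) -> set:
    """Parse a multi-line '250' EHLO reply into a set of extension keywords."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty EHLO reply")
    exts = set()
    for i, ln in enumerate(lines):
        code, sep, text = ln[:3], ln[3:4], ln[4:]
        last = i == len(lines) - 1
        if code != "250" or sep != (" " if last else "-"):
            raise ValueError(f"malformed EHLO line: {ln!r}")
        if i > 0 and text.strip():               # line 0 is the server greeting
            exts.add(text.split()[0].upper())
    return exts


def plan_session(port: int, ehlo_reply: str = "", require_tls: bool = True) -> str:
    """Decide how a mail client protects a session on the given port."""
    if port in IMPLICIT_TLS_PORTS:
        return "implicit-tls"       # nothing is negotiated in cleartext
    if "STARTTLS" in ehlo_extensions(ehlo_reply):
        return "starttls-upgrade"   # depends on an unauthenticated cleartext reply
    if require_tls:
        raise TLSRequired(f"port {port}: STARTTLS not offered, refusing cleartext")
    return "cleartext"              # opportunistic client silently loses encryption


# Constructed replies: in the second, the STARTTLS line is absent, which is the
# downgrade case discussed in reference [1] of the message.
EHLO_FULL = "250-mail.example.org Hello\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-mail.example.org Hello\r\n250-PIPELINING\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    print(plan_session(465))
    print(plan_session(587, EHLO_FULL))
    print(plan_session(587, EHLO_NO_TLS, require_tls=False))
    try:
        plan_session(587, EHLO_NO_TLS)
    except TLSRequired as exc:
        print("refused:", exc)
```

A client configured with `require_tls=False` is the opportunistic behaviour that makes STARTTLS fragile; on 465 and 993 there is no cleartext reply for the decision to depend on.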