See Changelog: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup
Created attachment 198645 [details] Apache 2.4.37 patch
Not seeing any security fixes, am I missing something?
A commit references this bug: Author: brnrd Date: Sat Oct 27 14:36:42 UTC 2018 New revision: 483139 URL: https://svnweb.freebsd.org/changeset/ports/483139 Log: www/apache24: Update to 2.4.37 - Adds TLSv1.3 support with security/openssl111 PR: 232687 Submitted by: Pascal Christen <pascal christen hostpoint.ch> Reported by: Markus Kohlmeyer <rootservice gmail com> Reviewed by: ohauer Approved by: joneum Differential Revision: https://reviews.freebsd.org/D17668 Changes: head/www/apache24/Makefile head/www/apache24/distinfo head/www/apache24/files/patch-modules_ssl_mod__ssl.c head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c
Thanks Markus, Pascal. Patched including fix-ups for LibreSSL.
On a 11.2p4 amd64, if I try to use mod_ssl.so, this happens: httpd: Syntax error on line 138 of /usr/local/etc/apache24/httpd.conf: Cannot load /usr/local/libexec/apache24/mod_ssl.so into server: /usr/local/libexec/apache24/mod_ssl.so: Undefined symbol "RAND_egd"
(In reply to Kurt Jaeger from comment #5) Best make that a separate PR. Please specify the DEFAULT_VERSIONS configuration too, OpenSSL version used. Share poudriere logs if possible.