How to check apache for SNI (Server Name Indication ) availability?
The stock CentOS httpd & mod_ssl packages would already have supported SNI. SNI has been supported by openssl since version 0.9.8f and any httpd since version 2.2.12 built with openssl 0.9.8f and newer automatically will support SNI.
But to check if your httpd and mod_ssl support SNI:
Simply test by configuring name based SSL/TLS virtual hosts and check your error log after restarting (from the apache httpd wiki you already linked to):
How can you tell if your Apache build supports SNI?
If you configure multiple name-based virtual hosts for an address where SSL is configured, and SNI isn't built into your Apache, then upon Apache startup a message like
"You should not use name-based virtual hosts in conjunction with SSL!!"
will occur in the error log.
If SNI is built in, then the error log will show"[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)".
Alternatively use ldd
to confirm that mod_ssl is linked against openssl's libssl and confirm the version:
ldd /usr/lib64/httpd/modules/mod_ssl.so
linux-vdso.so.1 => (0x00007fff323f8000)
libssl.so.10 => /lib64/libssl.so.10 (0x00007f3d99792000) <=======
libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f3d993a8000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3d9918b000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f3d98f87000)
libc.so.6 => /lib64/libc.so.6 (0x00007f3d98bc6000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f3d98977000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f3d98690000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f3d9848c000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f3d98259000)
libz.so.1 => /lib64/libz.so.1 (0x00007f3d98043000)
/lib64/ld-linux-x86-64.so.2 (0x00007f3d99c3d000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f3d97e34000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f3d97c2f000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f3d97a15000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f3d977ed000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f3d9758c000)
rpm -qf /lib64/libssl.so.10
openssl-libs-1.0.1e-60.el7_3.1.x86_64