Learn about Centmin Mod LEMP Stack today
Register Now

Beta Branch add OPENSSL_SYSTEM_USE for Nginx system OpenSSL in 130.00beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Oct 29, 2023.

  1. eva2000

    eva2000 Administrator Staff Member

    51,210
    11,898
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,372
    Local Time:
    10:36 PM
    Nginx 1.25.x
    MariaDB 10.x
    add OPENSSL_SYSTEM_USE for Nginx system OpenSSL in 130.00beta01

    - add variable OPENSSL_SYSTEM_USE='y' when set in persistent config file /etc/centminmod/custom_config.inc prior to initial Centmin Mod install or prior to centmin.sh menu option 4 Nginx recompile, will tell Nginx to use operating system OpenSSL version instead. OpenSSL system versions for CentOS 7 = 1.0.2k, EL8 = 1.1.1k and EL9 = 3.0.7
    - this maybe useful for EL8 systems at least as OpenSSL 3.0 and OpenSSL 3.1 have performance regressions compared to OpenSSL 1.1.1 which is currently faster version. OpenSSL 1.1.1 is now EOL, so we should be using OpenSSL 3+. However, EL7, EL8, EL9 system OpenSSL has extended support lifetime until end of the OSes 10 yr support. This means on EL8 systems the included OpenSSL 1.1.1k is supported still so folks may want to set OPENSSL_SYSTEM_USE='y' and build Nginx on EL8 system OpenSSL 1.1.1k until OpenSSL folks fix the persformance regressions in OpenSSL 3.
    - EL7, EL8 , EL9 OpenSSL version number never changes as RHEL upstream will also backport fixes and updates from newer versions back into the reported version number
    - Current performance from fastest to slowest is OpenSSL 1.1.1 > 3.2 beta > 3.1 > 3.0


    example on AlmaLinux 8 EL8 OPENSSL_SYSTEM_USE='y'

    nginx -V
    nginx version: nginx/1.25.3 (281023-151312-almalinux8-kvm-2c13c02-br-6e975bc)
    built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC)
    built with OpenSSL 1.1.1k FIPS 25 Mar 2021

    example on AlmaLinux 9 EL9 OPENSSL_SYSTEM_USE='y'

    nginx -V
    nginx version: nginx/1.25.3 (281023-191307-almalinux9-2c13c02-br-a71f931)
    built by gcc 12.2.1 20221121 (Red Hat 12.2.1-7) (GCC)
    built with OpenSSL 3.0.7 1 Nov 2022

    Continue reading...

    130.00beta01 branch

    Support Centmin Mod


    If you find Centmin Mod useful, please help support Centmin Mod