The only thing that is useful with this is having ChaCha/Poly cipher right?
read LibreSSL - Wikipedia, the free encyclopedia and google for libressl vs openssl. LibreSSL is meant to be more secure, less legacy code (over 90k lines of code was removed from LibreSSL which is a fork of OpenSSL etc).
First live site of mine to switch to Centmin Mod .08 beta03 + LibreSSL branch is sslspdy.com which is test site for ECC 256 bit SSL certificates
good news , i got a question is this LiberSSL Totally free ? for example i can make a ssl for my own website ? without buy anything ? and something else ; im using Cloudflare Free SSL Is that recommended ? its using SSLSPDY
no no.. OpenSSL, LibreSSL and BoringSSL are what allows Nginx to support https - nothing to do with SSL certificates themselves. You need to buy your SSL certificates still
nice threads to read on Cloudflare cloudflare ssl | Centmin Mod Community and particularly SSL - Cloudflare free SSL in mid-October | Page 3 | Centmin Mod Community and one negative of Cloudflare free SSL is it uses ECC 256 bit and not all tools support it, i.e. curl Cloudflare Free SSL isn't full SSL as it only protects traffic between Cloudflare proxy/your site and visitors. The connection between Cloudflare and your site is unencrypted/unprotected unless you have Full Strict Cloudflare SSL which means you still need an SSL certificate on your site itself so that Cloudflare connection to your server is encrypted/protected. For SSL certificate specific questions best to ask at Domains, DNS, Email & SSL Certificates | Centmin Mod Community
Merged 123.08beta03-libresslclang branch into official 123.08beta03 branch so everyone can have some fun beta testing the much faster install and more secure Nginx compiled with LibreSSL by default with chacha20_poly1305 cipher support natively included in LibreSSL June 10th commits Commits · centminmod/centminmod · GitHub test it guys !!! see if we can be on track for .08 stable release by end of this month
Currently Centmin Mod uses LibreSSL 2.1.6. Soon 2.2.0 will be out (currently in pre-reelase dev build status) at LibreSSL - FreeBSD Wiki note they have disabled SSLv3 by default in LibreSSL 2.2.0 Code: Address POODLE attack by disabling SSLv3 by default. testing LibreSSL 2.2.0 pre-release - it has a different download url filename than 2.1.6, so you need to manually download and rename via wget the file in /svr-setup. One liner command to do that before running Nginx recompile via centmin.sh menu option 4 Code: wget -O /svr-setup/libressl-portable-v2.2.0.tar.gz https://github.com/libressl-portable/portable/archive/2.2.0.tar.gz end result
Rebuilding my live server Code: nginx version: nginx/1.9.1 built by clang 3.4.2 (tags/RELEASE_34/dot2-final) built with LibreSSL 2.2.0 TLS SNI support enabled configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_secure_link_module --with-http_flv_module --with-http_realip_module --with-http_geoip_module --with-openssl-opt=enable-tlsext --add-module=../ngx-fancyindex-ngx-fancyindex --add-module=../ngx_cache_purge-2.3 --add-module=../headers-more-nginx-module-0.25 --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --with-http_dav_module --add-module=../nginx-dav-ext-module-0.0.3 --add-module=../openresty-memc-nginx-module-1518da4 --add-module=../openresty-srcache-nginx-module-ffa9ab7 --add-module=../ngx_devel_kit-0.2.19 --add-module=../set-misc-nginx-module-0.28 --add-module=../echo-nginx-module-0.57 --add-module=../lua-nginx-module-0.9.16rc1 --add-module=../lua-upstream-nginx-module-0.02 --add-module=../lua-upstream-cache-nginx-module-0.1.1 --add-module=../nginx_upstream_check_module-0.3.0 --add-module=../nginx-module-vts --with-openssl=../portable-2.2.0 --with-libatomic --with-threads --with-stream --with-stream_ssl_module --with-pcre=../pcre-8.37 --with-pcre-jit --with-http_spdy_module --add-module=../ngx_pagespeed-release-1.9.32.3-beta
This forum has been updated to Centmin Mod .08 beta 03 latest with Nginx compiled with Clang compiler (up to 20% faster installs!) and LibreSSL 2.2.0 support. For LibreSSL 2.2.0 have to manually download it from master branch as it's not available as a tagged release on github yet as outlined at Security - OpenSSL 1.0.2c & LibreSSL 2.2.0 Released & Updating Centmin Mod Nginx SSL Support Code: wget -O /svr-setup/libressl-portable-v2.2.0.tar.gz https://github.com/libressl-portable/portable/archive/master.tar.gz cd /svr-setup tar xvzf libressl-portable-v2.2.0.tar.gz mv /svr-setup/portable-master /svr-setup/portable-2.2.0
it is now Security - OpenSSL 1.0.2c & LibreSSL 2.2.0 Released & Updating Centmin Mod Nginx SSL Support | Centmin Mod Community
LibreSSL has released v2.2.1 Changelog: So far it work by editing centmin.sh Code: [root@panel centminmod]# nginx -V nginx version: nginx/1.9.2 built by clang 3.4.2 (tags/RELEASE_34/dot2-final) built with LibreSSL 2.2.1 TLS SNI support enabled