Want more timely Centmin Mod News Updates?
Become a Member

OpenSSL OpenSSL 1.1.0 is about to released

Discussion in 'CentOS, Redhat & Oracle Linux News' started by bassie, Jul 2, 2016.

  1. bassie

    bassie Active Member

    494
    104
    43
    Apr 29, 2016
    Ratings:
    +312
    Local Time:
    10:34 PM
    I can't find the right forum section for OpenSSL.
    I found this comment 'OpenSSL 1.1.0 is about to released' from a member of the OpenSSL development team, while I was looking for a specific bug.

    Perhaps to be expected but always good news.
    A pretty impressive changelog, with the following highlights:
    • Support for ChaCha20-Poly1305 (RFC 7539)
    • Support for extended master secret
    • Support for X25519
    • Support for DANE and Certificate Transparency
    • CCM Ciphersuites
    • SSLv2 removed
    • Kerberos ciphersuite support removed
    • RC4 removed from DEFAULT ciphersuites in libssl
    • 40 and 56 bit cipher support removed from libssl
     
    Last edited by a moderator: Aug 9, 2016
    • Like Like x 1
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
    nice thanks for heads up - moved to a more appropriate forum :)

    hoping nginx fixes it's openssl 1.1 compatibility as nginx folks were waiting on openssl 1.1 code to stablise :D
     
  3. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
    new beta is out [openssl-announce] OpenSSL version 1.1.0 pre release 6 published

     
  4. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
    @bassie edited 1st post to wrap long change log in spoiler code :)

    tried OpenSSL 1.1.0-pre6 beta and failed to compile with Nginx 1.11.3
    Set persistent config /etc/centminmod/custom_config.inc to switch from default LibreSSL to OpenSSL and set OPENSSL_VERSION to 1.1.0-pre6
    Code (Text):
    OPENSSL_VERSION='1.1.0-pre6'
    LIBRESSL_SWITCH='n'
    

    then run centmin.sh menu option 4 to recompile Nginx 1.11.3 and relevant output
    Code (Text):
    ./configure --with-ld-opt="-ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib" --with-cc-opt="-m64 -mtune=native -mfpmath=sse -g -O3 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion -Wno-c++11-compat-deprecated-writable-strings -Wno-write-strings" --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module --with-http_secure_link_module --with-openssl-opt="enable-tlsext" --add-module=../nginx-module-vts --with-libatomic --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_gzip_static_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0 --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0 --add-module=../set-misc-nginx-module-0.30 --add-module=../echo-nginx-module-0.59 --add-module=../redis2-nginx-module-0.13 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.17 --add-module=../srcache-nginx-module-0.31 --add-module=../headers-more-nginx-module-0.30 --with-pcre=../pcre-8.39 --with-pcre-jit --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.0-pre6
    checking for OS
    + Linux 3.10.0-327.22.2.el7.x86_64 x86_64
    checking for C compiler ... found
    + using Clang C compiler
    + clang version: 3.4.2 (tags/RELEASE_34/dot2-final)
    checking for --with-ld-opt="-ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib" ... found
    checking for -Wl,-E switch ... found
    checking for gcc builtin atomic operations ... found
    checking for C99 variadic macros ... found
    checking for gcc variadic macros ... found
    checking for gcc builtin 64 bit byteswap ... found
    checking for unistd.h ... found
    checking for inttypes.h ... found
    checking for limits.h ... found
    checking for sys/filio.h ... not found
    checking for sys/param.h ... found
    checking for sys/mount.h ... found
    checking for sys/statvfs.h ... found
    checking for crypt.h ... found
    checking for Linux specific features
    checking for epoll ... found
    checking for EPOLLRDHUP ... found
    checking for EPOLLEXCLUSIVE ... not found
    checking for O_PATH ... found
    checking for sendfile() ... found
    checking for sendfile64() ... found
    checking for sys/prctl.h ... found
    checking for prctl(PR_SET_DUMPABLE) ... found
    checking for sched_setaffinity() ... found
    checking for crypt_r() ... found
    checking for sys/vfs.h ... found
    checking for nobody group ... found
    checking for poll() ... found
    checking for /dev/poll ... not found
    checking for kqueue ... not found
    checking for crypt() ... not found
    checking for crypt() in libcrypt ... found
    checking for F_READAHEAD ... not found
    checking for posix_fadvise() ... found
    checking for O_DIRECT ... found
    checking for F_NOCACHE ... not found
    checking for directio() ... not found
    checking for statfs() ... found
    checking for statvfs() ... found
    checking for dlopen() ... not found
    checking for dlopen() in libdl ... found
    checking for sched_yield() ... found
    checking for SO_SETFIB ... not found
    checking for SO_REUSEPORT ... found
    checking for SO_ACCEPTFILTER ... not found
    checking for SO_BINDANY ... not found
    checking for IP_BIND_ADDRESS_NO_PORT ... not found
    checking for IP_TRANSPARENT ... found
    checking for IP_BINDANY ... not found
    checking for IP_RECVDSTADDR ... not found
    checking for IP_PKTINFO ... found
    checking for IPV6_RECVPKTINFO ... found
    checking for TCP_DEFER_ACCEPT ... found
    checking for TCP_KEEPIDLE ... found
    checking for TCP_FASTOPEN ... found
    checking for TCP_INFO ... found
    checking for accept4() ... found
    checking for eventfd() ... found
    checking for int size ... 4 bytes
    checking for long size ... 8 bytes
    checking for long long size ... 8 bytes
    checking for void * size ... 8 bytes
    checking for uint32_t ... found
    checking for uint64_t ... found
    checking for sig_atomic_t ... found
    checking for sig_atomic_t size ... 4 bytes
    checking for socklen_t ... found
    checking for in_addr_t ... found
    checking for in_port_t ... found
    checking for rlim_t ... found
    checking for uintptr_t ... uintptr_t found
    checking for system byte ordering ... little endian
    checking for size_t size ... 8 bytes
    checking for off_t size ... 8 bytes
    checking for time_t size ... 8 bytes
    checking for setproctitle() ... not found
    checking for pread() ... found
    checking for pwrite() ... found
    checking for pwritev() ... found
    checking for sys_nerr ... found
    checking for localtime_r() ... found
    checking for posix_memalign() ... found
    checking for memalign() ... found
    checking for mmap(MAP_ANON|MAP_SHARED) ... found
    checking for mmap("/dev/zero", MAP_SHARED) ... found
    checking for System V shared memory ... found
    checking for POSIX semaphores ... not found
    checking for POSIX semaphores in libpthread ... found
    checking for struct msghdr.msg_control ... found
    checking for ioctl(FIONBIO) ... found
    checking for struct tm.tm_gmtoff ... found
    checking for struct dirent.d_namlen ... not found
    checking for struct dirent.d_type ... found
    checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
    checking for openat(), fstatat() ... found
    checking for getaddrinfo() ... found
    configuring additional modules
    adding module in ../nginx-module-vts
    + ngx_http_vhost_traffic_status_module was configured
    adding module in ../ngx_cache_purge-2.3
    + ngx_http_cache_purge_module was configured
    adding module in ../ngx_devel_kit-0.3.0
    + ngx_devel_kit was configured
    adding module in ../set-misc-nginx-module-0.30
    found ngx_devel_kit for ngx_set_misc; looks good.
    + ngx_http_set_misc_module was configured
    adding module in ../echo-nginx-module-0.59
    + ngx_http_echo_module was configured
    adding module in ../redis2-nginx-module-0.13
    + ngx_http_redis2_module was configured
    adding module in ../ngx_http_redis-0.3.7
    + ngx_http_redis_module was configured
    adding module in ../memc-nginx-module-0.17
    + ngx_http_memc_module was configured
    adding module in ../srcache-nginx-module-0.31
    + ngx_http_srcache_filter_module was configured
    adding module in ../headers-more-nginx-module-0.30
    + ngx_http_headers_more_filter_module was configured
    configuring additional dynamic modules
    adding module in ../ngx-fancyindex-0.4.0
    + ngx_http_fancyindex_module was configured
    checking for zlib library ... found
    checking for GD library ... found
    checking for GeoIP library ... found
    checking for atomic_ops library ... found
    creating objs/Makefile
    
    Configuration summary
      + using threads
      + using PCRE library: ../pcre-8.39
      + using OpenSSL library: ../openssl-1.1.0-pre6
      + using system zlib library
      + using system libatomic_ops library
    
      nginx path prefix: "/usr/local/nginx"
      nginx binary file: "/usr/local/sbin/nginx"
      nginx modules path: "/usr/local/nginx/modules"
      nginx configuration prefix: "/usr/local/nginx/conf"
      nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
      nginx pid file: "/usr/local/nginx/logs/nginx.pid"
      nginx error log file: "/usr/local/nginx/logs/error.log"
      nginx http access log file: "/usr/local/nginx/logs/access.log"
      nginx http client request body temporary files: "client_body_temp"
      nginx http proxy temporary files: "proxy_temp"
      nginx http fastcgi temporary files: "fastcgi_temp"
      nginx http uwsgi temporary files: "uwsgi_temp"
      nginx http scgi temporary files: "scgi_temp"
    
    
    Tue Aug  9 08:14:51 UTC 2016
    Success: Nginx configure ok

    Code (Text):
    ccache /usr/bin/clang -ferror-limit=0 -c -pipe  -O -Wall -Wextra -Wpointer-arith -Wconditional-uninitialized -Wno-unused-parameter -Werror -g -m64 -mtune=native -mfpmath=sse -g -O3 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion -Wno-c++11-compat-deprecated-writable-strings -Wno-write-strings -DNDK_SET_VAR -DNDK_UPSTREAM_LIST -I src/core -I src/event -I src/event/modules -I src/os/unix -I ../ngx_devel_kit-0.3.0/objs -I objs/addon/ndk -I ../pcre-8.39 -I ../openssl-1.1.0-pre6/.openssl/include -I objs \
            -o objs/src/event/ngx_event_openssl.o \
            src/event/ngx_event_openssl.c
    src/event/ngx_event_openssl.c:2026:21: error: use of undeclared identifier 'SSL_R_NO_CIPHERS_PASSED'
                || n == SSL_R_NO_CIPHERS_PASSED                          /*  182 */
                        ^
    1 error generated.
    make[1]: *** [objs/src/event/ngx_event_openssl.o] Error 1
    make[1]: Leaving directory `/svr-setup/nginx-1.11.3'
    make: *** [build] Error 2

    relevant thread at OpenSSL 1.1.0 Pre 6 patch for Nginx 1.11.*

    Nginx officially ain't looking to make OpenSSL 1.1.0 compatible until stable release is out. But someone did provide a patch Re: OpenSSL 1.1.0 Pre 6 patch for Nginx 1.11.*
     
  5. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
    Added unofficial Nginx OpenSSL 1.1.0 pre-beta patch to Centmin Mod 123.09beta01 latest code Beta Branch - add unofficial OpenSSL 1.1.0-pre6 Nginx patch routine in 123.09beta01 | Centmin Mod Community The routine will detect if OPENSSL_VERSION is 1.1 based or 1.0 based and whether it has 'pre' tag in version and only apply unofficial patch to 1.1 with pre tag in OPENSSL_VERSION.

    FYI, Final OpenSSL 1.1.0 release is slated for August 25th, 2016.

    Set persistent config /etc/centminmod/custom_config.inc to switch from default LibreSSL to OpenSSL and set OPENSSL_VERSION to 1.1.0-pre6
    Code (Text):
    OPENSSL_VERSION='1.1.0-pre6'
    LIBRESSL_SWITCH='n'
    

    then via centmin.sh menu option 4 specifying Nginx version = 1.11.3
    relevant line from centmin.sh menu option 4 nginx recompile run
    Code (Text):
    *************************************************
    Nginx Patch Time - 1 seconds delay
    to allow you to patch files
    *************************************************
      _   _         _                 ___                       ____  ____   _
    | \ | |  __ _ (_) _ __  __  __  / _ \  _ __    ___  _ __  / ___|/ ___| | |
    |  \| | / _` || || '_ \ \ \/ / | | | || '_ \  / _ \| '_ \ \___ \\___ \ | |
    | |\  || (_| || || | | | >  <  | |_| || |_) ||  __/| | | | ___) |___) || |___
    |_| \_| \__, ||_||_| |_|/_/\_\  \___/ | .__/  \___||_| |_||____/|____/ |_____|
             |___/                         |_|                                
           _     _     ___    ____                 __ ____         _    
          / |   / |   / _ \  |  _ \  _ __  ___    / /| __ )   ___ | |_  __ _
          | |   | |  | | | | | |_) || '__|/ _ \  / / |  _ \  / _ \| __|/ _` |
          | | _ | | _| |_| | |  __/ | |  |  __/ / /  | |_) ||  __/| |_| (_| |
          |_|(_)|_|(_)\___/  |_|    |_|   \___|/_/   |____/  \___| \__|\__,_|
                                                                         
                              ____         _         _
                             |  _ \  __ _ | |_  ___ | |__
                             | |_) |/ _` || __|/ __|| '_ \
                             |  __/| (_| || |_| (__ | | | |
                             |_|    \__,_| \__|\___||_| |_|
                                                       
    
    patching nginx for OpenSSL 1.1.0 pre beta support
    patch -p1 < /usr/local/src/centminmod/patches/nginx/openssl-110pre6.patch
    patching file src/event/ngx_event_openssl.c
    Hunk #1 succeeded at 2023 (offset 24 lines).
    
    nginx patched for OpenSSL 1.1.0 pre beta
    

    Code (Text):
    /svr-setup/openssl-1.1.0-pre6/.openssl/bin/openssl version
    OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016

    native chacha20 support in OpenSSL 1.1.0 so no more Cloudflare chahca20 OpenSSL 1.0.2+ patching needed
    Code (Text):
    /svr-setup/openssl-1.1.0-pre6/.openssl/bin/openssl ciphers -V "ALL:COMPLEMENTOFALL" | grep -i chacha
              0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xCC,0xAE - RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xCC,0xAD - DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xCC,0xAC - ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xCC,0xAB - PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
    

    Code (Text):
    /svr-setup/openssl-1.1.0-pre6/.openssl/bin/openssl ciphers -V "ALL:COMPLEMENTOFALL"
              0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
              0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
              0x00,0xA3 - DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
              0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
              0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xC0,0xAF - ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
              0xC0,0xAD - ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
              0xC0,0xA3 - DHE-RSA-AES256-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(256) Mac=AEAD
              0xC0,0x9F - DHE-RSA-AES256-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(256) Mac=AEAD
              0x00,0xA7 - ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(256) Mac=AEAD
              0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
              0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
              0x00,0xA2 - DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
              0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
              0xC0,0xAE - ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
              0xC0,0xAC - ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
              0xC0,0xA2 - DHE-RSA-AES128-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(128) Mac=AEAD
              0xC0,0x9E - DHE-RSA-AES128-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(128) Mac=AEAD
              0x00,0xA6 - ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(128) Mac=AEAD
              0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
              0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
              0x00,0x6B - DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
              0x00,0x6A - DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
              0xC0,0x73 - ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
              0xC0,0x77 - ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
              0x00,0xC4 - DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
              0x00,0xC3 - DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA256
              0x00,0x6D - ADH-AES256-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(256)  Mac=SHA256
              0x00,0xC5 - ADH-CAMELLIA256-SHA256  TLSv1.2 Kx=DH       Au=None Enc=Camellia(256) Mac=SHA256
              0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
              0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
              0x00,0x67 - DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
              0x00,0x40 - DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
              0xC0,0x72 - ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
              0xC0,0x76 - ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
              0x00,0xBE - DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA256
              0x00,0xBD - DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA256
              0x00,0x6C - ADH-AES128-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(128)  Mac=SHA256
              0x00,0xBF - ADH-CAMELLIA128-SHA256  TLSv1.2 Kx=DH       Au=None Enc=Camellia(128) Mac=SHA256
              0xC0,0x0A - ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
              0xC0,0x14 - ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
              0x00,0x39 - DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
              0x00,0x38 - DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
              0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
              0x00,0x87 - DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA1
              0xC0,0x19 - AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
              0x00,0x3A - ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
              0x00,0x89 - ADH-CAMELLIA256-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(256) Mac=SHA1
              0xC0,0x09 - ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
              0xC0,0x13 - ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
              0x00,0x33 - DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
              0x00,0x32 - DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
              0x00,0x9A - DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128) Mac=SHA1
              0x00,0x99 - DHE-DSS-SEED-SHA        SSLv3 Kx=DH       Au=DSS  Enc=SEED(128) Mac=SHA1
              0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
              0x00,0x44 - DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA1
              0xC0,0x18 - AECDH-AES128-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(128)  Mac=SHA1
              0x00,0x34 - ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
              0x00,0x9B - ADH-SEED-SHA            SSLv3 Kx=DH       Au=None Enc=SEED(128) Mac=SHA1
              0x00,0x46 - ADH-CAMELLIA128-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(128) Mac=SHA1
              0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
              0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
              0x00,0x16 - DHE-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
              0x00,0x13 - DHE-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
              0xC0,0x17 - AECDH-DES-CBC3-SHA      SSLv3 Kx=ECDH     Au=None Enc=3DES(168) Mac=SHA1
              0x00,0x1B - ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
              0x00,0xAD - RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(256) Mac=AEAD
              0x00,0xAB - DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(256) Mac=AEAD
              0xCC,0xAE - RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xCC,0xAD - DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xCC,0xAC - ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xC0,0xAB - DHE-PSK-AES256-CCM8     TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM8(256) Mac=AEAD
              0xC0,0xA7 - DHE-PSK-AES256-CCM      TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM(256) Mac=AEAD
              0x00,0x9D - AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
              0xC0,0xA1 - AES256-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(256) Mac=AEAD
              0xC0,0x9D - AES256-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
              0x00,0xA9 - PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(256) Mac=AEAD
              0xCC,0xAB - PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0xC0,0xA9 - PSK-AES256-CCM8         TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM8(256) Mac=AEAD
              0xC0,0xA5 - PSK-AES256-CCM          TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM(256) Mac=AEAD
              0x00,0xAC - RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(128) Mac=AEAD
              0x00,0xAA - DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(128) Mac=AEAD
              0xC0,0xAA - DHE-PSK-AES128-CCM8     TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM8(128) Mac=AEAD
              0xC0,0xA6 - DHE-PSK-AES128-CCM      TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM(128) Mac=AEAD
              0x00,0x9C - AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
              0xC0,0xA0 - AES128-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(128) Mac=AEAD
              0xC0,0x9C - AES128-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
              0x00,0xA8 - PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(128) Mac=AEAD
              0xC0,0xA8 - PSK-AES128-CCM8         TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM8(128) Mac=AEAD
              0xC0,0xA4 - PSK-AES128-CCM          TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM(128) Mac=AEAD
              0x00,0x3D - AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
              0x00,0xC0 - CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
              0x00,0x3C - AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
              0x00,0xBA - CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256
              0xC0,0x38 - ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA384
              0xC0,0x36 - ECDHE-PSK-AES256-CBC-SHA SSLv3 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA1
              0xC0,0x22 - SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(256)  Mac=SHA1
              0xC0,0x21 - SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
              0xC0,0x20 - SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(256)  Mac=SHA1
              0x00,0xB7 - RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
              0x00,0xB3 - DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA384
              0x00,0x95 - RSA-PSK-AES256-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA1
              0x00,0x91 - DHE-PSK-AES256-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA1
              0xC0,0x9B - ECDHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=Camellia(256) Mac=SHA384
              0xC0,0x99 - RSA-PSK-CAMELLIA256-SHA384 TLSv1 Kx=RSAPSK   Au=RSA  Enc=Camellia(256) Mac=SHA384
              0xC0,0x97 - DHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=DHEPSK   Au=PSK  Enc=Camellia(256) Mac=SHA384
              0x00,0x35 - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
              0x00,0x84 - CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
              0x00,0xAF - PSK-AES256-CBC-SHA384   TLSv1 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA384
              0x00,0x8D - PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
              0xC0,0x95 - PSK-CAMELLIA256-SHA384  TLSv1 Kx=PSK      Au=PSK  Enc=Camellia(256) Mac=SHA384
              0xC0,0x37 - ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA256
              0xC0,0x35 - ECDHE-PSK-AES128-CBC-SHA SSLv3 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA1
              0xC0,0x1F - SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(128)  Mac=SHA1
              0xC0,0x1E - SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
              0xC0,0x1D - SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(128)  Mac=SHA1
              0x00,0xB6 - RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA256
              0x00,0xB2 - DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA256
              0x00,0x94 - RSA-PSK-AES128-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA1
              0x00,0x90 - DHE-PSK-AES128-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA1
              0xC0,0x9A - ECDHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=Camellia(128) Mac=SHA256
              0xC0,0x98 - RSA-PSK-CAMELLIA128-SHA256 TLSv1 Kx=RSAPSK   Au=RSA  Enc=Camellia(128) Mac=SHA256
              0xC0,0x96 - DHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=DHEPSK   Au=PSK  Enc=Camellia(128) Mac=SHA256
              0x00,0x2F - AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
              0x00,0x96 - SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
              0x00,0x41 - CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1
              0x00,0x07 - IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
              0x00,0xAE - PSK-AES128-CBC-SHA256   TLSv1 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA256
              0x00,0x8C - PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1
              0xC0,0x94 - PSK-CAMELLIA128-SHA256  TLSv1 Kx=PSK      Au=PSK  Enc=Camellia(128) Mac=SHA256
              0xC0,0x34 - ECDHE-PSK-3DES-EDE-CBC-SHA SSLv3 Kx=ECDHEPSK Au=PSK  Enc=3DES(168) Mac=SHA1
              0xC0,0x1C - SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=3DES(168) Mac=SHA1
              0xC0,0x1B - SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=3DES(168) Mac=SHA1
              0xC0,0x1A - SRP-3DES-EDE-CBC-SHA    SSLv3 Kx=SRP      Au=SRP  Enc=3DES(168) Mac=SHA1
              0x00,0x93 - RSA-PSK-3DES-EDE-CBC-SHA SSLv3 Kx=RSAPSK   Au=RSA  Enc=3DES(168) Mac=SHA1
              0x00,0x8F - DHE-PSK-3DES-EDE-CBC-SHA SSLv3 Kx=DHEPSK   Au=PSK  Enc=3DES(168) Mac=SHA1
              0x00,0x0A - DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
              0x00,0x8B - PSK-3DES-EDE-CBC-SHA    SSLv3 Kx=PSK      Au=PSK  Enc=3DES(168) Mac=SHA1
              0xC0,0x06 - ECDHE-ECDSA-NULL-SHA    SSLv3 Kx=ECDH     Au=ECDSA Enc=None      Mac=SHA1
              0xC0,0x10 - ECDHE-RSA-NULL-SHA      SSLv3 Kx=ECDH     Au=RSA  Enc=None      Mac=SHA1
              0xC0,0x15 - AECDH-NULL-SHA          SSLv3 Kx=ECDH     Au=None Enc=None      Mac=SHA1
              0x00,0x3B - NULL-SHA256             TLSv1.2 Kx=RSA      Au=RSA  Enc=None      Mac=SHA256
              0xC0,0x3B - ECDHE-PSK-NULL-SHA384   TLSv1 Kx=ECDHEPSK Au=PSK  Enc=None      Mac=SHA384
              0xC0,0x3A - ECDHE-PSK-NULL-SHA256   TLSv1 Kx=ECDHEPSK Au=PSK  Enc=None      Mac=SHA256
              0xC0,0x39 - ECDHE-PSK-NULL-SHA      SSLv3 Kx=ECDHEPSK Au=PSK  Enc=None      Mac=SHA1
              0x00,0xB9 - RSA-PSK-NULL-SHA384     TLSv1 Kx=RSAPSK   Au=RSA  Enc=None      Mac=SHA384
              0x00,0xB8 - RSA-PSK-NULL-SHA256     TLSv1 Kx=RSAPSK   Au=RSA  Enc=None      Mac=SHA256
              0x00,0xB5 - DHE-PSK-NULL-SHA384     TLSv1 Kx=DHEPSK   Au=PSK  Enc=None      Mac=SHA384
              0x00,0xB4 - DHE-PSK-NULL-SHA256     TLSv1 Kx=DHEPSK   Au=PSK  Enc=None      Mac=SHA256
              0x00,0x2E - RSA-PSK-NULL-SHA        SSLv3 Kx=RSAPSK   Au=RSA  Enc=None      Mac=SHA1
              0x00,0x2D - DHE-PSK-NULL-SHA        SSLv3 Kx=DHEPSK   Au=PSK  Enc=None      Mac=SHA1
              0x00,0x02 - NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
              0x00,0x01 - NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
              0x00,0xB1 - PSK-NULL-SHA384         TLSv1 Kx=PSK      Au=PSK  Enc=None      Mac=SHA384
              0x00,0xB0 - PSK-NULL-SHA256         TLSv1 Kx=PSK      Au=PSK  Enc=None      Mac=SHA256
              0x00,0x2C - PSK-NULL-SHA            SSLv3 Kx=PSK      Au=PSK  Enc=None      Mac=SHA1
     
    Last edited: Aug 10, 2016
  6. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
  7. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
  8. bassie

    bassie Active Member

    494
    104
    43
    Apr 29, 2016
    Ratings:
    +312
    Local Time:
    10:34 PM
    Tested OpenSSL 1.1 pre* on 25 june , till 25 june.
    Nginx is to unstable with this patch.

    A simple SSL test via for example SSL Server Test (Powered by Qualys SSL Labs) (tested 25 june) could break and hang/crash Nginx completely + 100 cpu usage.

    In short only for test purposes.
    0 reason to use it now.
     
    • Informative Informative x 1
  9. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
    interesting - tried 1.1.0-pre6 yet ? :)
     
  10. bassie

    bassie Active Member

    494
    104
    43
    Apr 29, 2016
    Ratings:
    +312
    Local Time:
    10:34 PM
    Nup, No, not tested yet.
    I venture more attempts over a time.
    Since 25 August the official version comes, it makes little sense to a spend lot of time, before the 25 st.
     
  11. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
    Unless your developing a LEMP web stack :D
     
  12. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
  13. bassie

    bassie Active Member

    494
    104
    43
    Apr 29, 2016
    Ratings:
    +312
    Local Time:
    10:34 PM
    Yes and no at the same time if you ask me.
    Since Nginx 1.11.4 won't need any patch at all, you have spent time i.e. for the Nginx 1.11.3 based patch, coding on Centminmod etc. for nothing.

    The developers of OpenSSL have indicated that the API can be broken till they release there final golden code. So it can change again. If OpenSSL change, Nginx need to change at the same time. And then you can start all over again and again.

    time you can devote more useful because you repeatedly indicated on this forum, you're so busy.
     
    Last edited: Aug 10, 2016
    • Agree Agree x 1
  14. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
    indeed :)
     
  15. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
    looks like nginx lua module has incompatibilities with openssl 1.1.0 as well Build fails with OpenSSL 1.1 · Issue #757 · openresty/lua-nginx-module · GitHub
    Code (Text):
            ../lua-nginx-module-0.10.5/src/ngx_http_lua_ssl_ocsp.c
    ../lua-nginx-module-0.10.5/src/ngx_http_lua_ssl_ocsp.c: In function ‘ngx_http_lua_ffi_ssl_set_ocsp_status_resp’:
    ../lua-nginx-module-0.10.5/src/ngx_http_lua_ssl_ocsp.c:471:17: error: dereferencing pointer to incomplete type
         if (ssl_conn->tlsext_status_type == -1) {
                     ^
    ../lua-nginx-module-0.10.5/src/ngx_http_lua_ssl_ocsp.c:493:13: error: dereferencing pointer to incomplete type
         ssl_conn->tlsext_status_expected = 1;
                 ^
    ../lua-nginx-module-0.10.5/src/ngx_http_lua_ssl_ocsp.c: At top level:
    cc1: warning: unrecognized command line option "-Wno-c++11-extensions" [enabled by default]
    make[1]: *** [objs/addon/src/ngx_http_lua_ssl_ocsp.o] Error 1
    make[1]: Leaving directory `/svr-setup/nginx-1.11.3'
    make: *** [install] Error 2
     
  16. bassie

    bassie Active Member

    494
    104
    43
    Apr 29, 2016
    Ratings:
    +312
    Local Time:
    10:34 PM
    OpenSSL 1.1 will be released tomorrow, the 25th of august 2016.
    The (nearly) final code compiles nicely with Nginx.

    No patches or changes needed.
    Now on to a beautiful OpenSSl 1.1 launch tomorrow.

    Code:
    nginx version: nginx/1.11.4
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
    built with OpenSSL 1.1.0-pre7-dev  xx XXX xxxx
    TLS SNI support enabled
    
     
  17. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
    thanks for the reminder ! Need to recheck if lua nginx module supports Openssl 1.1.0 :)
     
  18. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    10:34 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    ?
     
  19. eva2000

    eva2000 Administrator Staff Member

    28,984
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,766
    Local Time:
    6:34 AM
    Nginx 1.13.x
    MariaDB 5.5
    probably compiling against nginx master nginx: log
     
    • Like Like x 1
  20. bassie

    bassie Active Member

    494
    104
    43
    Apr 29, 2016
    Ratings:
    +312
    Local Time:
    10:34 PM
    Yup, I had to use the latest Nginx code (git clone --single-branch)
    to be able to build Nginx against OpenSSL 1.1 without using build fix patches.

    As the version number is changed to 1.11.4 in the git master branch.
    Nginx -V writes about 1.11.4.
     
    Last edited: Aug 25, 2016
    • Informative Informative x 2