/ Register

Want more timely Centmin Mod News Updates?
Become a Member

OpenSSL OpenSSL 1.1.0 is about to released

Discussion in 'CentOS, Redhat & Oracle Linux News' started by buik, Jul 2, 2016.

Tags:
Previous Thread Next Thread
Loading...
Page 1 of 2
  1. Jul 2, 2016 #1
    buik

    buik “The best traveler is one without a camera.”

    2,035
    527
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,682
    Local Time:
    12:47 AM
    I can't find the right forum section for OpenSSL.
    I found this comment 'OpenSSL 1.1.0 is about to released' from a member of the OpenSSL development team, while I was looking for a specific bug.

    Perhaps to be expected but always good news.
    A pretty impressive changelog, with the following highlights:
    • Support for ChaCha20-Poly1305 (RFC 7539)
    • Support for extended master secret
    • Support for X25519
    • Support for DANE and Certificate Transparency
    • CCM Ciphersuites
    • SSLv2 removed
    • Kerberos ciphersuite support removed
    • RC4 removed from DEFAULT ciphersuites in libssl
    • 40 and 56 bit cipher support removed from libssl
     
    Last edited by a moderator: Aug 9, 2016
  2. Jul 2, 2016 #2
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    nice thanks for heads up - moved to a more appropriate forum :)

    hoping nginx fixes it's openssl 1.1 compatibility as nginx folks were waiting on openssl 1.1 code to stablise :D
     
  3. Aug 9, 2016 #3
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    new beta is out [openssl-announce] OpenSSL version 1.1.0 pre release 6 published

     
  4. Aug 9, 2016 #4
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    @bassie edited 1st post to wrap long change log in spoiler code :)

    tried OpenSSL 1.1.0-pre6 beta and failed to compile with Nginx 1.11.3
    Set persistent config /etc/centminmod/custom_config.inc to switch from default LibreSSL to OpenSSL and set OPENSSL_VERSION to 1.1.0-pre6
    Code (Text):
    OPENSSL_VERSION='1.1.0-pre6'
LIBRESSL_SWITCH='n'

    then run centmin.sh menu option 4 to recompile Nginx 1.11.3 and relevant output
    Code (Text):
    ./configure --with-ld-opt="-ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib" --with-cc-opt="-m64 -mtune=native -mfpmath=sse -g -O3 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion -Wno-c++11-compat-deprecated-writable-strings -Wno-write-strings" --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module --with-http_secure_link_module --with-openssl-opt="enable-tlsext" --add-module=../nginx-module-vts --with-libatomic --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_gzip_static_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0 --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0 --add-module=../set-misc-nginx-module-0.30 --add-module=../echo-nginx-module-0.59 --add-module=../redis2-nginx-module-0.13 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.17 --add-module=../srcache-nginx-module-0.31 --add-module=../headers-more-nginx-module-0.30 --with-pcre=../pcre-8.39 --with-pcre-jit --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.0-pre6
checking for OS
+ Linux 3.10.0-327.22.2.el7.x86_64 x86_64
checking for C compiler ... found
+ using Clang C compiler
+ clang version: 3.4.2 (tags/RELEASE_34/dot2-final)
checking for --with-ld-opt="-ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib" ... found
checking for -Wl,-E switch ... found
checking for gcc builtin atomic operations ... found
checking for C99 variadic macros ... found
checking for gcc variadic macros ... found
checking for gcc builtin 64 bit byteswap ... found
checking for unistd.h ... found
checking for inttypes.h ... found
checking for limits.h ... found
checking for sys/filio.h ... not found
checking for sys/param.h ... found
checking for sys/mount.h ... found
checking for sys/statvfs.h ... found
checking for crypt.h ... found
checking for Linux specific features
checking for epoll ... found
checking for EPOLLRDHUP ... found
checking for EPOLLEXCLUSIVE ... not found
checking for O_PATH ... found
checking for sendfile() ... found
checking for sendfile64() ... found
checking for sys/prctl.h ... found
checking for prctl(PR_SET_DUMPABLE) ... found
checking for sched_setaffinity() ... found
checking for crypt_r() ... found
checking for sys/vfs.h ... found
checking for nobody group ... found
checking for poll() ... found
checking for /dev/poll ... not found
checking for kqueue ... not found
checking for crypt() ... not found
checking for crypt() in libcrypt ... found
checking for F_READAHEAD ... not found
checking for posix_fadvise() ... found
checking for O_DIRECT ... found
checking for F_NOCACHE ... not found
checking for directio() ... not found
checking for statfs() ... found
checking for statvfs() ... found
checking for dlopen() ... not found
checking for dlopen() in libdl ... found
checking for sched_yield() ... found
checking for SO_SETFIB ... not found
checking for SO_REUSEPORT ... found
checking for SO_ACCEPTFILTER ... not found
checking for SO_BINDANY ... not found
checking for IP_BIND_ADDRESS_NO_PORT ... not found
checking for IP_TRANSPARENT ... found
checking for IP_BINDANY ... not found
checking for IP_RECVDSTADDR ... not found
checking for IP_PKTINFO ... found
checking for IPV6_RECVPKTINFO ... found
checking for TCP_DEFER_ACCEPT ... found
checking for TCP_KEEPIDLE ... found
checking for TCP_FASTOPEN ... found
checking for TCP_INFO ... found
checking for accept4() ... found
checking for eventfd() ... found
checking for int size ... 4 bytes
checking for long size ... 8 bytes
checking for long long size ... 8 bytes
checking for void * size ... 8 bytes
checking for uint32_t ... found
checking for uint64_t ... found
checking for sig_atomic_t ... found
checking for sig_atomic_t size ... 4 bytes
checking for socklen_t ... found
checking for in_addr_t ... found
checking for in_port_t ... found
checking for rlim_t ... found
checking for uintptr_t ... uintptr_t found
checking for system byte ordering ... little endian
checking for size_t size ... 8 bytes
checking for off_t size ... 8 bytes
checking for time_t size ... 8 bytes
checking for setproctitle() ... not found
checking for pread() ... found
checking for pwrite() ... found
checking for pwritev() ... found
checking for sys_nerr ... found
checking for localtime_r() ... found
checking for posix_memalign() ... found
checking for memalign() ... found
checking for mmap(MAP_ANON|MAP_SHARED) ... found
checking for mmap("/dev/zero", MAP_SHARED) ... found
checking for System V shared memory ... found
checking for POSIX semaphores ... not found
checking for POSIX semaphores in libpthread ... found
checking for struct msghdr.msg_control ... found
checking for ioctl(FIONBIO) ... found
checking for struct tm.tm_gmtoff ... found
checking for struct dirent.d_namlen ... not found
checking for struct dirent.d_type ... found
checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
checking for openat(), fstatat() ... found
checking for getaddrinfo() ... found
configuring additional modules
adding module in ../nginx-module-vts
+ ngx_http_vhost_traffic_status_module was configured
adding module in ../ngx_cache_purge-2.3
+ ngx_http_cache_purge_module was configured
adding module in ../ngx_devel_kit-0.3.0
+ ngx_devel_kit was configured
adding module in ../set-misc-nginx-module-0.30
found ngx_devel_kit for ngx_set_misc; looks good.
+ ngx_http_set_misc_module was configured
adding module in ../echo-nginx-module-0.59
+ ngx_http_echo_module was configured
adding module in ../redis2-nginx-module-0.13
+ ngx_http_redis2_module was configured
adding module in ../ngx_http_redis-0.3.7
+ ngx_http_redis_module was configured
adding module in ../memc-nginx-module-0.17
+ ngx_http_memc_module was configured
adding module in ../srcache-nginx-module-0.31
+ ngx_http_srcache_filter_module was configured
adding module in ../headers-more-nginx-module-0.30
+ ngx_http_headers_more_filter_module was configured
configuring additional dynamic modules
adding module in ../ngx-fancyindex-0.4.0
+ ngx_http_fancyindex_module was configured
checking for zlib library ... found
checking for GD library ... found
checking for GeoIP library ... found
checking for atomic_ops library ... found
creating objs/Makefile

Configuration summary
  + using threads
  + using PCRE library: ../pcre-8.39
  + using OpenSSL library: ../openssl-1.1.0-pre6
  + using system zlib library
  + using system libatomic_ops library

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"


Tue Aug  9 08:14:51 UTC 2016
Success: Nginx configure ok

    Code (Text):
    ccache /usr/bin/clang -ferror-limit=0 -c -pipe  -O -Wall -Wextra -Wpointer-arith -Wconditional-uninitialized -Wno-unused-parameter -Werror -g -m64 -mtune=native -mfpmath=sse -g -O3 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion -Wno-c++11-compat-deprecated-writable-strings -Wno-write-strings -DNDK_SET_VAR -DNDK_UPSTREAM_LIST -I src/core -I src/event -I src/event/modules -I src/os/unix -I ../ngx_devel_kit-0.3.0/objs -I objs/addon/ndk -I ../pcre-8.39 -I ../openssl-1.1.0-pre6/.openssl/include -I objs \
        -o objs/src/event/ngx_event_openssl.o \
        src/event/ngx_event_openssl.c
src/event/ngx_event_openssl.c:2026:21: error: use of undeclared identifier 'SSL_R_NO_CIPHERS_PASSED'
            || n == SSL_R_NO_CIPHERS_PASSED                          /*  182 */
                    ^
1 error generated.
make[1]: *** [objs/src/event/ngx_event_openssl.o] Error 1
make[1]: Leaving directory `/svr-setup/nginx-1.11.3'
make: *** [build] Error 2

    relevant thread at OpenSSL 1.1.0 Pre 6 patch for Nginx 1.11.*

    Nginx officially ain't looking to make OpenSSL 1.1.0 compatible until stable release is out. But someone did provide a patch Re: OpenSSL 1.1.0 Pre 6 patch for Nginx 1.11.*
     
  5. Aug 9, 2016 #5
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Added unofficial Nginx OpenSSL 1.1.0 pre-beta patch to Centmin Mod 123.09beta01 latest code Beta Branch - add unofficial OpenSSL 1.1.0-pre6 Nginx patch routine in 123.09beta01 | Centmin Mod Community The routine will detect if OPENSSL_VERSION is 1.1 based or 1.0 based and whether it has 'pre' tag in version and only apply unofficial patch to 1.1 with pre tag in OPENSSL_VERSION.

    FYI, Final OpenSSL 1.1.0 release is slated for August 25th, 2016.

    Set persistent config /etc/centminmod/custom_config.inc to switch from default LibreSSL to OpenSSL and set OPENSSL_VERSION to 1.1.0-pre6
    Code (Text):
    OPENSSL_VERSION='1.1.0-pre6'
LIBRESSL_SWITCH='n'

    then via centmin.sh menu option 4 specifying Nginx version = 1.11.3
    relevant line from centmin.sh menu option 4 nginx recompile run
    Code (Text):
    *************************************************
Nginx Patch Time - 1 seconds delay
to allow you to patch files
*************************************************
  _   _         _                 ___                       ____  ____   _
| \ | |  __ _ (_) _ __  __  __  / _ \  _ __    ___  _ __  / ___|/ ___| | |
|  \| | / _` || || '_ \ \ \/ / | | | || '_ \  / _ \| '_ \ \___ \\___ \ | |
| |\  || (_| || || | | | >  <  | |_| || |_) ||  __/| | | | ___) |___) || |___
|_| \_| \__, ||_||_| |_|/_/\_\  \___/ | .__/  \___||_| |_||____/|____/ |_____|
         |___/                         |_|                                
       _     _     ___    ____                 __ ____         _    
      / |   / |   / _ \  |  _ \  _ __  ___    / /| __ )   ___ | |_  __ _
      | |   | |  | | | | | |_) || '__|/ _ \  / / |  _ \  / _ \| __|/ _` |
      | | _ | | _| |_| | |  __/ | |  |  __/ / /  | |_) ||  __/| |_| (_| |
      |_|(_)|_|(_)\___/  |_|    |_|   \___|/_/   |____/  \___| \__|\__,_|
                                                                     
                          ____         _         _
                         |  _ \  __ _ | |_  ___ | |__
                         | |_) |/ _` || __|/ __|| '_ \
                         |  __/| (_| || |_| (__ | | | |
                         |_|    \__,_| \__|\___||_| |_|
                                                   

patching nginx for OpenSSL 1.1.0 pre beta support
patch -p1 < /usr/local/src/centminmod/patches/nginx/openssl-110pre6.patch
patching file src/event/ngx_event_openssl.c
Hunk #1 succeeded at 2023 (offset 24 lines).

nginx patched for OpenSSL 1.1.0 pre beta

    Code (Text):
    /svr-setup/openssl-1.1.0-pre6/.openssl/bin/openssl version
OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016

    native chacha20 support in OpenSSL 1.1.0 so no more Cloudflare chahca20 OpenSSL 1.0.2+ patching needed
    Code (Text):
    /svr-setup/openssl-1.1.0-pre6/.openssl/bin/openssl ciphers -V "ALL:COMPLEMENTOFALL" | grep -i chacha
          0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAE - RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAD - DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAC - ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAB - PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD

    Code (Text):
    /svr-setup/openssl-1.1.0-pre6/.openssl/bin/openssl ciphers -V "ALL:COMPLEMENTOFALL"
          0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
          0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0x00,0xA3 - DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
          0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xC0,0xAF - ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
          0xC0,0xAD - ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
          0xC0,0xA3 - DHE-RSA-AES256-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(256) Mac=AEAD
          0xC0,0x9F - DHE-RSA-AES256-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(256) Mac=AEAD
          0x00,0xA7 - ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(256) Mac=AEAD
          0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
          0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
          0x00,0xA2 - DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
          0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
          0xC0,0xAE - ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
          0xC0,0xAC - ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
          0xC0,0xA2 - DHE-RSA-AES128-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(128) Mac=AEAD
          0xC0,0x9E - DHE-RSA-AES128-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(128) Mac=AEAD
          0x00,0xA6 - ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(128) Mac=AEAD
          0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
          0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
          0x00,0x6B - DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
          0x00,0x6A - DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
          0xC0,0x73 - ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
          0xC0,0x77 - ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
          0x00,0xC4 - DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
          0x00,0xC3 - DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA256
          0x00,0x6D - ADH-AES256-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(256)  Mac=SHA256
          0x00,0xC5 - ADH-CAMELLIA256-SHA256  TLSv1.2 Kx=DH       Au=None Enc=Camellia(256) Mac=SHA256
          0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
          0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
          0x00,0x67 - DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
          0x00,0x40 - DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
          0xC0,0x72 - ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
          0xC0,0x76 - ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
          0x00,0xBE - DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA256
          0x00,0xBD - DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA256
          0x00,0x6C - ADH-AES128-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(128)  Mac=SHA256
          0x00,0xBF - ADH-CAMELLIA128-SHA256  TLSv1.2 Kx=DH       Au=None Enc=Camellia(128) Mac=SHA256
          0xC0,0x0A - ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
          0xC0,0x14 - ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
          0x00,0x39 - DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
          0x00,0x38 - DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
          0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
          0x00,0x87 - DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA1
          0xC0,0x19 - AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
          0x00,0x3A - ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
          0x00,0x89 - ADH-CAMELLIA256-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(256) Mac=SHA1
          0xC0,0x09 - ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
          0xC0,0x13 - ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
          0x00,0x33 - DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
          0x00,0x32 - DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
          0x00,0x9A - DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128) Mac=SHA1
          0x00,0x99 - DHE-DSS-SEED-SHA        SSLv3 Kx=DH       Au=DSS  Enc=SEED(128) Mac=SHA1
          0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
          0x00,0x44 - DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA1
          0xC0,0x18 - AECDH-AES128-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(128)  Mac=SHA1
          0x00,0x34 - ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
          0x00,0x9B - ADH-SEED-SHA            SSLv3 Kx=DH       Au=None Enc=SEED(128) Mac=SHA1
          0x00,0x46 - ADH-CAMELLIA128-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(128) Mac=SHA1
          0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
          0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
          0x00,0x16 - DHE-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
          0x00,0x13 - DHE-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
          0xC0,0x17 - AECDH-DES-CBC3-SHA      SSLv3 Kx=ECDH     Au=None Enc=3DES(168) Mac=SHA1
          0x00,0x1B - ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
          0x00,0xAD - RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0x00,0xAB - DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(256) Mac=AEAD
          0xCC,0xAE - RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAD - DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAC - ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xC0,0xAB - DHE-PSK-AES256-CCM8     TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM8(256) Mac=AEAD
          0xC0,0xA7 - DHE-PSK-AES256-CCM      TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM(256) Mac=AEAD
          0x00,0x9D - AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0xC0,0xA1 - AES256-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(256) Mac=AEAD
          0xC0,0x9D - AES256-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
          0x00,0xA9 - PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(256) Mac=AEAD
          0xCC,0xAB - PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xC0,0xA9 - PSK-AES256-CCM8         TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM8(256) Mac=AEAD
          0xC0,0xA5 - PSK-AES256-CCM          TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM(256) Mac=AEAD
          0x00,0xAC - RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(128) Mac=AEAD
          0x00,0xAA - DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(128) Mac=AEAD
          0xC0,0xAA - DHE-PSK-AES128-CCM8     TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM8(128) Mac=AEAD
          0xC0,0xA6 - DHE-PSK-AES128-CCM      TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM(128) Mac=AEAD
          0x00,0x9C - AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
          0xC0,0xA0 - AES128-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(128) Mac=AEAD
          0xC0,0x9C - AES128-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
          0x00,0xA8 - PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(128) Mac=AEAD
          0xC0,0xA8 - PSK-AES128-CCM8         TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM8(128) Mac=AEAD
          0xC0,0xA4 - PSK-AES128-CCM          TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM(128) Mac=AEAD
          0x00,0x3D - AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
          0x00,0xC0 - CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
          0x00,0x3C - AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
          0x00,0xBA - CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256
          0xC0,0x38 - ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA384
          0xC0,0x36 - ECDHE-PSK-AES256-CBC-SHA SSLv3 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA1
          0xC0,0x22 - SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(256)  Mac=SHA1
          0xC0,0x21 - SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
          0xC0,0x20 - SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(256)  Mac=SHA1
          0x00,0xB7 - RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
          0x00,0xB3 - DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA384
          0x00,0x95 - RSA-PSK-AES256-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA1
          0x00,0x91 - DHE-PSK-AES256-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA1
          0xC0,0x9B - ECDHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=Camellia(256) Mac=SHA384
          0xC0,0x99 - RSA-PSK-CAMELLIA256-SHA384 TLSv1 Kx=RSAPSK   Au=RSA  Enc=Camellia(256) Mac=SHA384
          0xC0,0x97 - DHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=DHEPSK   Au=PSK  Enc=Camellia(256) Mac=SHA384
          0x00,0x35 - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
          0x00,0x84 - CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
          0x00,0xAF - PSK-AES256-CBC-SHA384   TLSv1 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA384
          0x00,0x8D - PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
          0xC0,0x95 - PSK-CAMELLIA256-SHA384  TLSv1 Kx=PSK      Au=PSK  Enc=Camellia(256) Mac=SHA384
          0xC0,0x37 - ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA256
          0xC0,0x35 - ECDHE-PSK-AES128-CBC-SHA SSLv3 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA1
          0xC0,0x1F - SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(128)  Mac=SHA1
          0xC0,0x1E - SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
          0xC0,0x1D - SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(128)  Mac=SHA1
          0x00,0xB6 - RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA256
          0x00,0xB2 - DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA256
          0x00,0x94 - RSA-PSK-AES128-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA1
          0x00,0x90 - DHE-PSK-AES128-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA1
          0xC0,0x9A - ECDHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=Camellia(128) Mac=SHA256
          0xC0,0x98 - RSA-PSK-CAMELLIA128-SHA256 TLSv1 Kx=RSAPSK   Au=RSA  Enc=Camellia(128) Mac=SHA256
          0xC0,0x96 - DHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=DHEPSK   Au=PSK  Enc=Camellia(128) Mac=SHA256
          0x00,0x2F - AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
          0x00,0x96 - SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
          0x00,0x41 - CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1
          0x00,0x07 - IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
          0x00,0xAE - PSK-AES128-CBC-SHA256   TLSv1 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA256
          0x00,0x8C - PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1
          0xC0,0x94 - PSK-CAMELLIA128-SHA256  TLSv1 Kx=PSK      Au=PSK  Enc=Camellia(128) Mac=SHA256
          0xC0,0x34 - ECDHE-PSK-3DES-EDE-CBC-SHA SSLv3 Kx=ECDHEPSK Au=PSK  Enc=3DES(168) Mac=SHA1
          0xC0,0x1C - SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=3DES(168) Mac=SHA1
          0xC0,0x1B - SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=3DES(168) Mac=SHA1
          0xC0,0x1A - SRP-3DES-EDE-CBC-SHA    SSLv3 Kx=SRP      Au=SRP  Enc=3DES(168) Mac=SHA1
          0x00,0x93 - RSA-PSK-3DES-EDE-CBC-SHA SSLv3 Kx=RSAPSK   Au=RSA  Enc=3DES(168) Mac=SHA1
          0x00,0x8F - DHE-PSK-3DES-EDE-CBC-SHA SSLv3 Kx=DHEPSK   Au=PSK  Enc=3DES(168) Mac=SHA1
          0x00,0x0A - DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
          0x00,0x8B - PSK-3DES-EDE-CBC-SHA    SSLv3 Kx=PSK      Au=PSK  Enc=3DES(168) Mac=SHA1
          0xC0,0x06 - ECDHE-ECDSA-NULL-SHA    SSLv3 Kx=ECDH     Au=ECDSA Enc=None      Mac=SHA1
          0xC0,0x10 - ECDHE-RSA-NULL-SHA      SSLv3 Kx=ECDH     Au=RSA  Enc=None      Mac=SHA1
          0xC0,0x15 - AECDH-NULL-SHA          SSLv3 Kx=ECDH     Au=None Enc=None      Mac=SHA1
          0x00,0x3B - NULL-SHA256             TLSv1.2 Kx=RSA      Au=RSA  Enc=None      Mac=SHA256
          0xC0,0x3B - ECDHE-PSK-NULL-SHA384   TLSv1 Kx=ECDHEPSK Au=PSK  Enc=None      Mac=SHA384
          0xC0,0x3A - ECDHE-PSK-NULL-SHA256   TLSv1 Kx=ECDHEPSK Au=PSK  Enc=None      Mac=SHA256
          0xC0,0x39 - ECDHE-PSK-NULL-SHA      SSLv3 Kx=ECDHEPSK Au=PSK  Enc=None      Mac=SHA1
          0x00,0xB9 - RSA-PSK-NULL-SHA384     TLSv1 Kx=RSAPSK   Au=RSA  Enc=None      Mac=SHA384
          0x00,0xB8 - RSA-PSK-NULL-SHA256     TLSv1 Kx=RSAPSK   Au=RSA  Enc=None      Mac=SHA256
          0x00,0xB5 - DHE-PSK-NULL-SHA384     TLSv1 Kx=DHEPSK   Au=PSK  Enc=None      Mac=SHA384
          0x00,0xB4 - DHE-PSK-NULL-SHA256     TLSv1 Kx=DHEPSK   Au=PSK  Enc=None      Mac=SHA256
          0x00,0x2E - RSA-PSK-NULL-SHA        SSLv3 Kx=RSAPSK   Au=RSA  Enc=None      Mac=SHA1
          0x00,0x2D - DHE-PSK-NULL-SHA        SSLv3 Kx=DHEPSK   Au=PSK  Enc=None      Mac=SHA1
          0x00,0x02 - NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
          0x00,0x01 - NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
          0x00,0xB1 - PSK-NULL-SHA384         TLSv1 Kx=PSK      Au=PSK  Enc=None      Mac=SHA384
          0x00,0xB0 - PSK-NULL-SHA256         TLSv1 Kx=PSK      Au=PSK  Enc=None      Mac=SHA256
          0x00,0x2C - PSK-NULL-SHA            SSLv3 Kx=PSK      Au=PSK  Enc=None      Mac=SHA1
     
    Last edited: Aug 10, 2016
  6. Aug 9, 2016 #6
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  7. Aug 10, 2016 #7
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  8. Aug 10, 2016 #8
    buik

    buik “The best traveler is one without a camera.”

    2,035
    527
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,682
    Local Time:
    12:47 AM
    Tested OpenSSL 1.1 pre* on 25 june , till 25 june.
    Nginx is to unstable with this patch.

    A simple SSL test via for example SSL Server Test (Powered by Qualys SSL Labs) (tested 25 june) could break and hang/crash Nginx completely + 100 cpu usage.

    In short only for test purposes.
    0 reason to use it now.
     
  9. Aug 10, 2016 #9
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    interesting - tried 1.1.0-pre6 yet ? :)
     
  10. Aug 10, 2016 #10
    buik

    buik “The best traveler is one without a camera.”

    2,035
    527
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,682
    Local Time:
    12:47 AM
    Nup, No, not tested yet.
    I venture more attempts over a time.
    Since 25 August the official version comes, it makes little sense to a spend lot of time, before the 25 st.
     
  11. Aug 10, 2016 #11
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Unless your developing a LEMP web stack :D
     
  12. Aug 10, 2016 #12
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  13. Aug 10, 2016 #13
    buik

    buik “The best traveler is one without a camera.”

    2,035
    527
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,682
    Local Time:
    12:47 AM
    Yes and no at the same time if you ask me.
    Since Nginx 1.11.4 won't need any patch at all, you have spent time i.e. for the Nginx 1.11.3 based patch, coding on Centminmod etc. for nothing.

    The developers of OpenSSL have indicated that the API can be broken till they release there final golden code. So it can change again. If OpenSSL change, Nginx need to change at the same time. And then you can start all over again and again.

    time you can devote more useful because you repeatedly indicated on this forum, you're so busy.
     
    Last edited: Aug 10, 2016
  14. Aug 10, 2016 #14
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    indeed :)
     
  15. Aug 12, 2016 #15
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    looks like nginx lua module has incompatibilities with openssl 1.1.0 as well Build fails with OpenSSL 1.1 · Issue #757 · openresty/lua-nginx-module · GitHub
    Code (Text):
            ../lua-nginx-module-0.10.5/src/ngx_http_lua_ssl_ocsp.c
../lua-nginx-module-0.10.5/src/ngx_http_lua_ssl_ocsp.c: In function ‘ngx_http_lua_ffi_ssl_set_ocsp_status_resp’:
../lua-nginx-module-0.10.5/src/ngx_http_lua_ssl_ocsp.c:471:17: error: dereferencing pointer to incomplete type
     if (ssl_conn->tlsext_status_type == -1) {
                 ^
../lua-nginx-module-0.10.5/src/ngx_http_lua_ssl_ocsp.c:493:13: error: dereferencing pointer to incomplete type
     ssl_conn->tlsext_status_expected = 1;
             ^
../lua-nginx-module-0.10.5/src/ngx_http_lua_ssl_ocsp.c: At top level:
cc1: warning: unrecognized command line option "-Wno-c++11-extensions" [enabled by default]
make[1]: *** [objs/addon/src/ngx_http_lua_ssl_ocsp.o] Error 1
make[1]: Leaving directory `/svr-setup/nginx-1.11.3'
make: *** [install] Error 2
     
  16. Aug 24, 2016 #16
    buik

    buik “The best traveler is one without a camera.”

    2,035
    527
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,682
    Local Time:
    12:47 AM
    OpenSSL 1.1 will be released tomorrow, the 25th of august 2016.
    The (nearly) final code compiles nicely with Nginx.

    No patches or changes needed.
    Now on to a beautiful OpenSSl 1.1 launch tomorrow.

    Code:
    nginx version: nginx/1.11.4
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
built with OpenSSL 1.1.0-pre7-dev  xx XXX xxxx
TLS SNI support enabled
     
  17. Aug 25, 2016 #17
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    thanks for the reminder ! Need to recheck if lua nginx module supports Openssl 1.1.0 :)
     
  18. Aug 25, 2016 #18
    Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    12:47 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    ?
     
  19. Aug 25, 2016 #19
    eva2000

    eva2000 Administrator Staff Member

    55,441
    12,257
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,840
    Local Time:
    8:47 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    probably compiling against nginx master nginx: log
     
  20. Aug 25, 2016 #20
    buik

    buik “The best traveler is one without a camera.”

    2,035
    527
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,682
    Local Time:
    12:47 AM
    Yup, I had to use the latest Nginx code (git clone --single-branch)
    to be able to build Nginx against OpenSSL 1.1 without using build fix patches.

    As the version number is changed to 1.11.4 in the git master branch.
    Nginx -V writes about 1.11.4.
     
    Last edited: Aug 25, 2016
Previous Thread Next Thread
Loading...
Page 1 of 2

.