Welcome to Centmin Mod Community
Become a Member

OpenSSL OpenSSL 1.1.1 Alpha Pre-Release 2 - released

Discussion in 'CentOS, Redhat & Oracle Linux News' started by buik, Mar 1, 2018.

  1. buik

    buik “The best traveler is one without a camera.”

    1,990
    518
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,647
    Local Time:
    12:18 AM
    OpenSSL 1.1.1 Alpha Pre-Release 2 is released.


     
  2. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:18 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    nice.. moving closer to TLS v1.3 reality :D

    Nginx Patches
    Code (Text):
    cat /root/centminlogs/patch_patchnginx_010318-185708.log
                 ____  _                    _   __  _                   
                / ___|| |  ___   _   _   __| | / _|| |  __ _  _ __  ___ 
               | |    | | / _ \ | | | | / _` || |_ | | / _` || '__|/ _ \
               | |___ | || (_) || |_| || (_| ||  _|| || (_| || |  |  __/
                \____||_| \___/  \__,_| \__,_||_|  |_| \__,_||_|   \___|
                                                                       
     _   _         _                ____                                   _       
    | \ | |  __ _ (_) _ __  __  __ |  _ \  _   _  _ __    __ _  _ __ ___  (_)  ___ 
    |  \| | / _` || || '_ \ \ \/ / | | | || | | || '_ \  / _` || '_ ` _ \ | | / __|
    | |\  || (_| || || | | | >  <  | |_| || |_| || | | || (_| || | | | | || || (__ 
    |_| \_| \__, ||_||_| |_|/_/\_\ |____/  \__, ||_| |_| \__,_||_| |_| |_||_| \___|
            |___/                          |___/                                   
                   _____  _      ____    ____         _         _     
                  |_   _|| |    / ___|  |  _ \  __ _ | |_  ___ | |__ 
                    | |  | |    \___ \  | |_) |/ _` || __|/ __|| '_ \ 
                    | |  | |___  ___) | |  __/| (_| || |_| (__ | | | |
                    |_|  |_____||____/  |_|    \__,_| \__|\___||_| |_|
                                                                     
    ######################################################################
    Patching Nginx for Dynamic TLS Size Support
    ######################################################################
    Cloudflare Nginx Dynamic TLS patch
    https://github.com/cloudflare/sslconfig/raw/master/patches/nginx__dynamic_tls_records.patch
    ######################################################################
    patch -p1 < /usr/local/src/centminmod/patches/cloudflare/nginx__dynamic_tls_records_1011005.patch
    patching file src/event/ngx_event_openssl.c
    Hunk #1 succeeded at 1174 (offset 43 lines).
    Hunk #2 succeeded at 1713 (offset 43 lines).
    Hunk #3 succeeded at 1849 (offset 43 lines).
    patching file src/event/ngx_event_openssl.h
    Hunk #1 succeeded at 60 with fuzz 1 (offset 6 lines).
    Hunk #2 succeeded at 95 (offset 6 lines).
    Hunk #3 succeeded at 108 (offset 6 lines).
    patching file src/http/modules/ngx_http_ssl_module.c
    Hunk #1 succeeded at 234 (offset 1 line).
    Hunk #2 succeeded at 594 (offset 26 lines).
    Hunk #3 succeeded at 664 (offset 26 lines).
    Hunk #4 succeeded at 858 (offset 26 lines).
    patching file src/http/modules/ngx_http_ssl_module.h
    1013009
    /svr-setup/nginx-1.13.9 /svr-setup/nginx-1.13.9
    patching nginx http/2 full HPACK encoding support
    nginx-1.13.9_http2-hpack.patch
    patch -p1 < /usr/local/src/centminmod/patches/cloudflare/nginx-1.13.9_http2-hpack.patch
    patching file auto/modules
    Hunk #1 succeeded at 437 (offset 1 line).
    patching file auto/options
    patching file src/core/ngx_murmurhash.c
    patching file src/core/ngx_murmurhash.h
    patching file src/http/v2/ngx_http_v2.c
    Hunk #1 succeeded at 274 with fuzz 1 (offset 27 lines).
    Hunk #2 succeeded at 2076 with fuzz 1 (offset 54 lines).
    patching file src/http/v2/ngx_http_v2.h
    Hunk #6 succeeded at 414 (offset -1 lines).
    patching file src/http/v2/ngx_http_v2_filter_module.c
    Hunk #1 succeeded at 26 (offset 1 line).
    Hunk #2 succeeded at 88 with fuzz 2 (offset 40 lines).
    Hunk #3 succeeded at 187 with fuzz 2 (offset 45 lines).
    Hunk #4 succeeded at 465 (offset 56 lines).
    Hunk #5 succeeded at 473 (offset 56 lines).
    Hunk #6 succeeded at 493 (offset 56 lines).
    Hunk #7 succeeded at 540 (offset 56 lines).
    Hunk #8 succeeded at 592 (offset 56 lines).
    Hunk #9 succeeded at 1025 (offset 347 lines).
    Hunk #10 succeeded at 1051 (offset 347 lines).
    patching file src/http/v2/ngx_http_v2_table.c
    
    patching nginx http/2 full HPACK encoding for nginx 1.13.9+
    
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:18 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Looking good now that Chrome 65 stable has TLSv1.3 support enabled

    Code (Text):
    curl --tlsv1.3 -Isv https://http2.centminmod.com 2>&1 | egrep 'ALPN|SSL connection'
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * SSL connection using TLSv1.3 / TLS13-AES-128-GCM-SHA256
    * ALPN, server accepted to use h2
    

    Nginx 1.13.9 + OpenSSL 1.1.1-pre2 beta with TLSv1.3 support
    chrome65-tls13-01.png
    chrome65-tls13-02.png