Welcome to Centmin Mod Community
Become a Member

OpenSSL OpenSSL 1.1.1 Alpha Pre-Release 2 - released

Discussion in 'CentOS, Redhat & Oracle Linux News' started by buik, Mar 1, 2018.

  1. buik

    buik “Life is trying things to see if they work.” Premium Member

    1,378
    377
    83
    Apr 29, 2016
    Flanders
    Ratings:
    +1,151
    Local Time:
    1:29 PM
    OpenSSL 1.1.1 Alpha Pre-Release 2 is released.


     
  2. eva2000

    eva2000 Administrator Staff Member

    46,469
    10,555
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,388
    Local Time:
    9:29 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    nice.. moving closer to TLS v1.3 reality :D

    Nginx Patches
    Code (Text):
    cat /root/centminlogs/patch_patchnginx_010318-185708.log
                 ____  _                    _   __  _                   
                / ___|| |  ___   _   _   __| | / _|| |  __ _  _ __  ___ 
               | |    | | / _ \ | | | | / _` || |_ | | / _` || '__|/ _ \
               | |___ | || (_) || |_| || (_| ||  _|| || (_| || |  |  __/
                \____||_| \___/  \__,_| \__,_||_|  |_| \__,_||_|   \___|
                                                                       
     _   _         _                ____                                   _       
    | \ | |  __ _ (_) _ __  __  __ |  _ \  _   _  _ __    __ _  _ __ ___  (_)  ___ 
    |  \| | / _` || || '_ \ \ \/ / | | | || | | || '_ \  / _` || '_ ` _ \ | | / __|
    | |\  || (_| || || | | | >  <  | |_| || |_| || | | || (_| || | | | | || || (__ 
    |_| \_| \__, ||_||_| |_|/_/\_\ |____/  \__, ||_| |_| \__,_||_| |_| |_||_| \___|
            |___/                          |___/                                   
                   _____  _      ____    ____         _         _     
                  |_   _|| |    / ___|  |  _ \  __ _ | |_  ___ | |__ 
                    | |  | |    \___ \  | |_) |/ _` || __|/ __|| '_ \ 
                    | |  | |___  ___) | |  __/| (_| || |_| (__ | | | |
                    |_|  |_____||____/  |_|    \__,_| \__|\___||_| |_|
                                                                     
    ######################################################################
    Patching Nginx for Dynamic TLS Size Support
    ######################################################################
    Cloudflare Nginx Dynamic TLS patch
    https://github.com/cloudflare/sslconfig/raw/master/patches/nginx__dynamic_tls_records.patch
    ######################################################################
    patch -p1 < /usr/local/src/centminmod/patches/cloudflare/nginx__dynamic_tls_records_1011005.patch
    patching file src/event/ngx_event_openssl.c
    Hunk #1 succeeded at 1174 (offset 43 lines).
    Hunk #2 succeeded at 1713 (offset 43 lines).
    Hunk #3 succeeded at 1849 (offset 43 lines).
    patching file src/event/ngx_event_openssl.h
    Hunk #1 succeeded at 60 with fuzz 1 (offset 6 lines).
    Hunk #2 succeeded at 95 (offset 6 lines).
    Hunk #3 succeeded at 108 (offset 6 lines).
    patching file src/http/modules/ngx_http_ssl_module.c
    Hunk #1 succeeded at 234 (offset 1 line).
    Hunk #2 succeeded at 594 (offset 26 lines).
    Hunk #3 succeeded at 664 (offset 26 lines).
    Hunk #4 succeeded at 858 (offset 26 lines).
    patching file src/http/modules/ngx_http_ssl_module.h
    1013009
    /svr-setup/nginx-1.13.9 /svr-setup/nginx-1.13.9
    patching nginx http/2 full HPACK encoding support
    nginx-1.13.9_http2-hpack.patch
    patch -p1 < /usr/local/src/centminmod/patches/cloudflare/nginx-1.13.9_http2-hpack.patch
    patching file auto/modules
    Hunk #1 succeeded at 437 (offset 1 line).
    patching file auto/options
    patching file src/core/ngx_murmurhash.c
    patching file src/core/ngx_murmurhash.h
    patching file src/http/v2/ngx_http_v2.c
    Hunk #1 succeeded at 274 with fuzz 1 (offset 27 lines).
    Hunk #2 succeeded at 2076 with fuzz 1 (offset 54 lines).
    patching file src/http/v2/ngx_http_v2.h
    Hunk #6 succeeded at 414 (offset -1 lines).
    patching file src/http/v2/ngx_http_v2_filter_module.c
    Hunk #1 succeeded at 26 (offset 1 line).
    Hunk #2 succeeded at 88 with fuzz 2 (offset 40 lines).
    Hunk #3 succeeded at 187 with fuzz 2 (offset 45 lines).
    Hunk #4 succeeded at 465 (offset 56 lines).
    Hunk #5 succeeded at 473 (offset 56 lines).
    Hunk #6 succeeded at 493 (offset 56 lines).
    Hunk #7 succeeded at 540 (offset 56 lines).
    Hunk #8 succeeded at 592 (offset 56 lines).
    Hunk #9 succeeded at 1025 (offset 347 lines).
    Hunk #10 succeeded at 1051 (offset 347 lines).
    patching file src/http/v2/ngx_http_v2_table.c
    
    patching nginx http/2 full HPACK encoding for nginx 1.13.9+
    
     
  3. eva2000

    eva2000 Administrator Staff Member

    46,469
    10,555
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,388
    Local Time:
    9:29 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Looking good now that Chrome 65 stable has TLSv1.3 support enabled

    Code (Text):
    curl --tlsv1.3 -Isv https://http2.centminmod.com 2>&1 | egrep 'ALPN|SSL connection'
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * SSL connection using TLSv1.3 / TLS13-AES-128-GCM-SHA256
    * ALPN, server accepted to use h2
    

    Nginx 1.13.9 + OpenSSL 1.1.1-pre2 beta with TLSv1.3 support
    chrome65-tls13-01.png
    chrome65-tls13-02.png