Beta Branch nginx 1.15.4 openssl 1.1.1 renegotiation security bug fix

nginx 1.15.4 openssl 1.1.1 renegotiation security bug fix

---

For Centmin Mod 123.09beta01+ and newer testssl tests fail the Secure Client-Initiated Renegotiation test so this patch for Nginx is for a security bug fix for OpenSSL 1.1.1 built Nginx 1.15.4+

Continue reading...

123.09beta01 branch

• Branch: https://github.com/centminmod/centminmod/tree/123.09beta01
• Commit History: https://github.com/centminmod/centminmod/commits/123.09beta01

 

testssl tests before fix versus after fix

before

Code (Text):

 Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), no session tickets
 ROBOT                                     not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), DoS threat
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)

after

Code (Text):

Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), no session tickets
 ROBOT                                     not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)

 

might want to start a thread in Install & Upgrades or Pre-Install Questions with outline of your issue and what type of script/web app/sites are being affected error message wise etc