On Tue, Sep 11, 2018 at 04:59:45PM +0200, Juan Isoza wrote: > Hello, > > What is the better way, for anyone running, by example, Apache or nginx on > a popular Linux districution (Ubuntu, Debian, Suse) and want support TLS > 1.3 ? > > Waiting package update to have openssl 1.1.1 ? probably a lot of time > > Recompile openssl dynamic library and replace system library ? We must be > sure we don't broke the system > > Recompile Apache or NGinx with openssl statically linked ? probably complex Note that you most likely need an update of both nginx/apache and openssl. I will very likely make 1.1.1 available in Debian backports. I hope that the nginx maintainer will also make a version that works with 1.1.1. But this is most likely going to take a while. We first want to make things work properly in testing. In the mean time buillding things yourself seems like the easiest solution. If using Debian you can just take the versions of the packages currently in unstable and build them on stable. Kurt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
