On Tue, Sep 11, 2018, 13:10 Kurt Roeckx <kurt@xxxxxxxxx> wrote:
On Tue, Sep 11, 2018 at 04:59:45PM +0200, Juan Isoza wrote:
> Hello,
>
> What is the better way, for anyone running, by example, Apache or nginx on
> a popular Linux districution (Ubuntu, Debian, Suse) and want support TLS
> 1.3 ?
>
> Waiting package update to have openssl 1.1.1 ? probably a lot of time
>
> Recompile openssl dynamic library and replace system library ? We must be
> sure we don't broke the system
>
> Recompile Apache or NGinx with openssl statically linked ? probably complex
Note that you most likely need an update of both nginx/apache and
openssl.
Note that httpd 2.4 released does not yet support TLS 1.3, although it compiles against the new OpenSSL, YMMV.
Within the next two httpd releases, we would expect OpenSSL 1.1.1 TLS 1.3 support to be GA. In the interim there is a working branch for 1.1.1 compatibility merges, and svn trunk already supports it, if you want to live on the bleeding edge.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users