Re: Migrating to openssl 1.1.1 in real life linux server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 11, 2018, 13:10 Kurt Roeckx <kurt@xxxxxxxxx> wrote:
On Tue, Sep 11, 2018 at 04:59:45PM +0200, Juan Isoza wrote:
> Hello,
>
> What is the better way, for anyone running, by example, Apache or nginx on
> a popular Linux districution (Ubuntu, Debian, Suse) and want support TLS
> 1.3 ?
>
> Waiting package update to have openssl 1.1.1 ? probably a lot of time
>
> Recompile openssl dynamic library and replace system library ? We must be
> sure we don't broke the system
>
> Recompile Apache or NGinx with openssl statically linked ? probably complex

Note that you most likely need an update of both nginx/apache and
openssl.

Note that httpd 2.4 released does not yet support TLS 1.3, although it compiles against the new OpenSSL, YMMV.

Within the next two httpd releases, we would expect OpenSSL 1.1.1 TLS 1.3 support to be GA. In the interim there is a working branch for 1.1.1 compatibility merges, and svn trunk already supports it, if you want to live on the bleeding edge.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux