[openssl-users] Migrating to openssl 1.1.1 in real life linux server

Kurt Roeckx kurt at roeckx.be
Tue Sep 11 18:14:00 UTC 2018


On Tue, Sep 11, 2018 at 08:10:01PM +0200, Kurt Roeckx wrote:
> On Tue, Sep 11, 2018 at 04:59:45PM +0200, Juan Isoza wrote:
> > Hello,
> > 
> > What is the better way, for anyone running, by example, Apache or nginx on
> > a popular Linux districution (Ubuntu, Debian, Suse) and want support TLS
> > 1.3 ?
> > 
> > Waiting package update to have openssl 1.1.1 ? probably a lot of time
> > 
> > Recompile openssl dynamic library and replace system library ? We must be
> > sure we don't broke the system
> > 
> > Recompile Apache or NGinx with openssl statically linked ? probably complex
> 
> Note that you most likely need an update of both nginx/apache and
> openssl.
> 
> I will very likely make 1.1.1 available in Debian backports. I hope that
> the nginx maintainer will also make a version that works with 1.1.1.

Looking at stretch-backports, it already has an nginx version that is
recent enough, so you would just need a new openssl. I can only do
an openssl upload to backports after it has reached testing.


Kurt



More information about the openssl-users mailing list