[openssl-users] Migrating to openssl 1.1.1 in real life linux server

William A Rowe Jr wrowe at rowe-clan.net
Wed Sep 12 02:15:03 UTC 2018


On Tue, Sep 11, 2018, 13:10 Kurt Roeckx <kurt at roeckx.be> wrote:

> On Tue, Sep 11, 2018 at 04:59:45PM +0200, Juan Isoza wrote:
> > Hello,
> >
> > What is the better way, for anyone running, by example, Apache or nginx
> on
> > a popular Linux districution (Ubuntu, Debian, Suse) and want support TLS
> > 1.3 ?
> >
> > Waiting package update to have openssl 1.1.1 ? probably a lot of time
> >
> > Recompile openssl dynamic library and replace system library ? We must be
> > sure we don't broke the system
> >
> > Recompile Apache or NGinx with openssl statically linked ? probably
> complex
>
> Note that you most likely need an update of both nginx/apache and
> openssl.
>

Note that httpd 2.4 released does not yet support TLS 1.3, although it
compiles against the new OpenSSL, YMMV.

Within the next two httpd releases, we would expect OpenSSL 1.1.1 TLS 1.3
support to be GA. In the interim there is a working branch for 1.1.1
compatibility merges, and svn trunk already supports it, if you want to
live on the bleeding edge.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180911/dcf41012/attachment.html>


More information about the openssl-users mailing list