I am using the pre-built nginx 1.2 packages from ‘deb Index of /packages/ubuntu/ oneiric nginx’ and I would like to
enable TLS 1.1/1.2. I’m running OpenSSL 1.0.0e and I understand I need
to run at least 1.0.1 for TLS 1.1/1.2 to be supported.
Is this a matter of just upgrading OpenSSL at the Ubuntu (Linux) level,
or will I need to build Nginx from source with the OpenSSL 1.0.1 libs?
As a secondary question, have any dates been thrown around as to when
packages will be released that enable TLS v1.1/v1.2?
You can build nginx with SSL support by using OpenSSL, shared or
compiled-in. The wiki covers all the ./configure options you can use,
as well as default and third-party modules. If it’s not compiled in
(by you or a package maintainer), i don’t think you can enable it at
run-time.
Everything else is distro-specific, ask in an Ubuntu mailing list.
Is this a matter of just upgrading OpenSSL at the Ubuntu (Linux) level,
or will I need to build Nginx from source with the OpenSSL 1.0.1 libs?
TLSv1.1/1.2 will work if you upgrade only openssl, but you will not be
able
to turn it off with ssl_protocols directive.
As a secondary question, have any dates been thrown around as to when
packages will be released that enable TLS v1.1/v1.2?
TLS v1.1/1.2 support depend on openssl version. We plan to build package
for Ubuntu 12.04, which is shipped with openssl 1.0.1, when nginx 1.2.1
will be released.