Nginx-1.10.0

Changes with nginx 1.10.0 26 Apr
2016

*) 1.10.x stable branch.


Maxim D.
http://nginx.org/

Hello Nginx users,

Now available: Nginx 1.10.0 for Windows
https://kevinworthington.com/nginxwin1100 (32-bit and 64-bit versions)

These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are
at
nginx.org.

Announcements are also available here:
Twitter http://twitter.com/kworthington
Google+ https://plus.google.com/+KevinWorthington/

Thank you,
Kevin

Kevin W.
kworthington @ (gmail] [dot} {com)
http://kevinworthington.com/
http://twitter.com/kworthington
https://plus.google.com/+KevinWorthington/

Hi Kevin,

You write on the https://kevinworthington.com/ site:

This release was built using OpenSSL 1.0.2g – upgrading is advised.

but both Stable version 1.10.0 (64-bit) 26 Apr 2016 and Mainline version
1.9.15 (64-bit) 20 Apr 2016 are built with OpenSSL 1.0.1g 7 Apr 2014,
which
have serious security problem: OpenSSL CCS vuln. (CVE-2014-0224)
described
on
https://blog.qualys.com/ssllabs/2014/06/13/ssl-pulse-49-vulnerable-to-cve-2014-0224-14-exploitable
and https://www.openssl.org/news/secadv/20140605.txt.

One can easy verify it by usage nginx -V:
C:\nginx>nginx -V
nginx version: nginx/1.10.0
built by gcc 4.8.2 (GCC)
built with OpenSSL 1.0.1g 7 Apr 2014
TLS SNI support enabled
configure arguments: …

The tests from https://www.ssllabs.com/ssltest/ and
https://www.htbridge.com/ssl/ confirm the same too.

Could you rebuild the binaries with OpenSSL 1.0.2g and to provide there
on
https://kevinworthington.com/nginx-for-windows/ ?

Thanks in advance
Oleg

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,266381,266429#msg-266429

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs