Changes with nginx 1.10.0 26 Apr
2016
*) 1.10.x stable branch.
–
Maxim D.
http://nginx.org/
Hello Nginx users,
Now available: Nginx 1.10.0 for Windows
Nginx 1.10.0 for Windows – Kevin Worthington (32-bit and 64-bit versions)
These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are
at
nginx.org.
Announcements are also available here:
Twitter http://twitter.com/kworthington
Google+ https://plus.google.com/+KevinWorthington/
Thank you,
Kevin
Kevin W.
kworthington @ (gmail] [dot} {com)
http://twitter.com/kworthington
https://plus.google.com/+KevinWorthington/
Hi Kevin,
You write on the https://kevinworthington.com/ site:
This release was built using OpenSSL 1.0.2g – upgrading is advised.
but both Stable version 1.10.0 (64-bit) 26 Apr 2016 and Mainline version
1.9.15 (64-bit) 20 Apr 2016 are built with OpenSSL 1.0.1g 7 Apr 2014,
which
have serious security problem: OpenSSL CCS vuln. (CVE-2014-0224)
described
on
and https://www.openssl.org/news/secadv/20140605.txt.
One can easy verify it by usage nginx -V:
C:\nginx>nginx -V
nginx version: nginx/1.10.0
built by gcc 4.8.2 (GCC)
built with OpenSSL 1.0.1g 7 Apr 2014
TLS SNI support enabled
configure arguments: …
The tests from SSL Server Test (Powered by Qualys SSL Labs) and
https://www.htbridge.com/ssl/ confirm the same too.
Could you rebuild the binaries with OpenSSL 1.0.2g and to provide there
on
Nginx for Windows - 32-bit and 64-bit - free, easy-to-use setup packages ?
Thanks in advance
Oleg
Posted at Nginx Forum: