I have abut 10 nginx servers, versions 1.0.15 and 0.8.55.
I am patching for the poodle, so:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
is accept by nginx 1.0.15 but not 0.8.55
I would prefer to use just TLSv1 on 0.8.55 if using just TLSv1 is okay.
Or would upgrading the nginxs be required ?
I dont want to upgrade the older nginx unless absolutely required.
TIA
Posted at Nginx Forum:
TLS 1.1 and 1.2 require nginx be built against the 1.0.1 branch of
OpenSSL, or the subsequent Libre and Boring forks of it. Odds are high
that if you have servers running the old 0.8.x branch of nginx it is
also running the old 0.9.8 branch of OpenSSL. As for whether or not it’s
okay to run purely TLSv1 on the nginx 0.8.55 systems it depends on your
willingness to accept the caveats that there are known and likely
unknown horrors lurking in that old version of OpenSSL and the TLSv1
protocol itself is looking a bit rickety these days.
Personally, if I’m going to run a site requiring SSL, then I’m
going to do it right and not be rolling out potentially compromised
libraries/protocols/ciphers.
Scott Larson
Systems Administrator
Wiredrive/LA
310 823 8238 ext. 1106
310 943 2078 fax
www.wiredrive.com http://www.wiredrive.com/
www.twitter.com/wiredrive http://www.twitter.com/wiredrive
Wiredrive http://www.wiredrive.com/facebook
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs