[PATCH] SSL: support automatic selection of ECDH temporary key parameters
mdounin at mdounin.ru
Wed Apr 16 10:00:13 UTC 2014
On Tue, Apr 15, 2014 at 12:44:37PM -0700, Piotr Sikora wrote:
> Hey Maxim,
> >> - If nginx was compiled with OpenSSL 1.0.2, but used with an
> >> older version, things will not work at all; this is not something
> >> completely unacceptable, but it's something we may want to
> >> avoid.
> > Will look into it.
> How about adding check to make sure that OpenSSL version nginx was
> built against (i.e. version info from the headers) matches the version
> from the library we're loading (i.e. version info from the runtime)?
I don't think check per se is a good idea - in particular, nginx
should be able to start with any newer version of OpenSSL.
If there is no easy solution (like, e.g., with SNI, where we check
SSL_CTX_set_tlsext_servername_callback() result and act
accordingly) - there is no need to bother.
More information about the nginx-devel