Adding OpenSSL ciphersuites at compile time
mdounin at mdounin.ru
Thu Apr 5 18:52:25 UTC 2018
On Thu, Apr 05, 2018 at 06:39:45PM +0000, Neil Craig wrote:
> Hi Thomas
> Thanks for your reply. What you outline is essentially what I
> want to do – I am statically compiling nginx against a specific
> openssl version and I want to be able to re-enable 3DES
> ciphersuites which are disabled in openssl 1.1.0+ (we have some
> audience demographics in e.g. Rural India and North Africa, a
> reasonable proportion of whom use very old mobile handsets).
> So…what I would like to be able to do is to add something to my
> configure for nginx which would trigger the same behaviour as if
> I were adding “enable-<ciphersuite>” when configuring openssl.
> Hopefully that makes a bit more sense now :-).
You can specify additional OpenSSL config options using
the --with-openssl-opt configure option.
$ ./configure --help | grep openssl
--with-openssl=DIR set path to OpenSSL library sources
--with-openssl-opt=OPTIONS set additional build options for OpenSSL
More information about the nginx-devel