openssl 1.0.1 and tls1.1 and up

Nemesiz nginx-forum at nginx.us
Wed Apr 16 13:13:07 UTC 2014 

I recompiled with default openssl lib (1.0.1e-3ubuntu1.2)

Default install path:

# nginx -V
nginx version: nginx/1.5.13
built by gcc 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu9) 
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx/1.5.13
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-log-path=/var/log/nginx/access.log
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --with-pcre-jit --with-debug
--with-http_ssl_module
--add-module=/usr/src/nginx-modules/nginx-openssl-version
--with-pcre=/usr/src/nginx-modules/pcre-8.35


nginx clone to /root/test

# ./nginx -V
nginx version: nginx/1.5.13
built by gcc 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu9) 
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx/1.5.13
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-log-path=/var/log/nginx/access.log
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --with-pcre-jit --with-debug
--with-http_ssl_module
--add-module=/usr/src/nginx-modules/nginx-openssl-version
--with-pcre=/usr/src/nginx-modules/pcre-8.35

The same settings but default nginx runs on 80 and 443 port. Cloned nginx
runs on 81 nad 443


default nginx on port 443:
--> Testing Protocols
 
 SSLv2     NOT offered (ok) 
 SSLv3     offered 
 TLSv1     offered (ok) 
 TLSv1.1   not offered
 TLSv1.2   not offered

 SPDY/NPN   http/1.1 (advertised)

cloned nginx on port 444:
--> Testing Protocols
 
 SSLv2     NOT offered (ok) 
 SSLv3     NOT offered (ok) 
 TLSv1     offered (ok) 
 TLSv1.1   offered (ok) 
 TLSv1.2   offered (ok)


# ldd /usr/local/nginx/1.5.13/sbin/nginx  
	linux-vdso.so.1 =>  (0x00007fff623fe000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x00007f6e46143000)
	libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007f6e45f0a000)
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0
(0x00007f6e45cab000)
	libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
(0x00007f6e458cf000)
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f6e456b6000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f6e452ed000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f6e4636c000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f6e450e9000)

# ldd /root/test/nginx
	linux-vdso.so.1 =>  (0x00007fffe478f000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x00007f6dcdfc5000)
	libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007f6dcdd8c000)
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0
(0x00007f6dcdb2d000)
	libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
(0x00007f6dcd751000)
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f6dcd538000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f6dcd16f000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f6dce1ee000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f6dccf6b000)

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249305,249339#msg-249339

More information about the nginx mailing list