nginx-forum at forum.nginx.org
Wed Apr 27 10:02:20 UTC 2016
You write on the https://kevinworthington.com/ site:
> This release was built using OpenSSL 1.0.2g – upgrading is advised.
but both Stable version 1.10.0 (64-bit) 26 Apr 2016 and Mainline version
1.9.15 (64-bit) 20 Apr 2016 are built with OpenSSL 1.0.1g 7 Apr 2014, which
have serious security problem: OpenSSL CCS vuln. (CVE-2014-0224) described
One can easy verify it by usage nginx -V:
nginx version: nginx/1.10.0
built by gcc 4.8.2 (GCC)
built with OpenSSL 1.0.1g 7 Apr 2014
TLS SNI support enabled
configure arguments: ...
The tests from https://www.ssllabs.com/ssltest/ and
https://www.htbridge.com/ssl/ confirm the same too.
Could you rebuild the binaries with OpenSSL 1.0.2g and to provide there on
Thanks in advance
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,266381,266429#msg-266429
More information about the nginx