Inquiry regarding support for OpenSSL 1.0.2i
jhernandez at azeus.com
Wed Sep 28 09:34:58 UTC 2016
We've recently received a notification regarding a vulnerability in
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
This is fixed in OpenSSL v1.0.2i
We're running an Nginx proxy server on Windows 2012 R2 and are currently
using Nginx 1.9.9 - with OpenSSL 1.0.2e
We do plan to upgrade to the latest stable nginx-1.10.1, but it seems
this version for Windows was compiled with OpenSSL 1.0.2*h*.
Any idea when a new stable or mainline version will come out with
OpenSSL 1.0.2i support ?
Alternatively, we're also looking to build a custom 1.10.1 with the
OpenSSL 1.0.2i library with the instructions here:
But we're not sure if 1.10.1 would support OpenSSL 1.0.2i. Has anyone
tried this approach before ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx