nginx 0.7.65 and TLS1.2

Reinis Rozitis r at roze.lv
Fri May 15 10:07:30 UTC 2020


> it's dependent on openssh version and installed one is 1.0.1t

On openssl.


> which seem to support TLS1.2, but "nmap --script ssl-enum-ciphers -p 443
> sitename" says only SSLv3 and TLS1.0 are supported. So is there anything I
> can do to make nginx 0.7.65 recognize TLS1.2 and use it?
> 
> Yeah I know I talk about ancient software here, but I'm in no position to do
> very wide upgrades. Debian 6 is the system.


I'm not sure it's supported in nginx in that particular version as:

Changes with nginx 1.1.13                                        16 Jan 2012

    *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the
       "ssl_protocols" directive.



But is there a reason you can't compile a newer nginx/openssl and use that instead of the 10 year old Debian package?

You can compile/link nginx with openssl statically so it doesn't affect the system package and dependencies in any way:

1. download and extract https://www.openssl.org/source/openssl-1.1.1g.tar.gz
2. download and extract http://nginx.org/download/nginx-1.18.0.tar.gz
3. configure the nginx with: ./configure --with-openssl=path/extracted/openssl-1.1.1g --with-openssl-opt=enable-weak-ssl-ciphers
(obviously add other configure options like --prefix --with-http_ssl_module --with-http_v2_module etc .. you can check the current configuration with 'nginx -V')
4. make

And now you have an nginx binary with statically linked openssl 1.1.1 which also has TLS 1.3 support.


rr
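
A check that can follow step 4, as an added example that is not part of the original message: it reads the text printed by `nginx -V` and reports whether that binary can offer TLSv1.2. The function names and the sample outputs are constructed for illustration; the nginx 1.1.13 threshold comes from the changelog quoted above, and the OpenSSL 1.0.1 threshold is an assumption of the example.

```sh
#!/bin/sh
# Added example: judge TLSv1.2 capability from the text printed by `nginx -V`.

# Turn "1.18.0" or "1.0.1t" into a comparable integer (letter suffix dropped).
ver_num() {
  v=${1%%[a-z]*}
  old_ifs=$IFS; IFS=.
  set -- $v
  IFS=$old_ifs
  echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Thresholds: nginx 1.1.13 is taken from the changelog quoted in the message;
# OpenSSL 1.0.1 (first release with TLS 1.2) is an assumption of this example.
MIN_NGINX=1.1.13
MIN_OPENSSL=1.0.1

# Usage on a real host: tls12_capable "$(nginx -V 2>&1)"  (-V writes to stderr)
tls12_capable() {
  ngx=$(printf '%s\n' "$1" | sed -n 's|^nginx version: nginx/\([0-9.]*\).*|\1|p')
  ossl=$(printf '%s\n' "$1" | sed -n 's|^built with OpenSSL \([0-9.]*[a-z]*\).*|\1|p')
  if [ -z "$ngx" ]; then
    echo "unknown: no nginx version line"
  elif [ "$(ver_num "$ngx")" -lt "$(ver_num "$MIN_NGINX")" ]; then
    # The library alone is not enough: ssl_protocols must know the parameter.
    echo "no: nginx $ngx < $MIN_NGINX"
  elif [ -z "$ossl" ]; then
    echo "unknown: OpenSSL version not reported"
  elif [ "$(ver_num "$ossl")" -lt "$(ver_num "$MIN_OPENSSL")" ]; then
    echo "no: OpenSSL $ossl < $MIN_OPENSSL"
  else
    echo "yes: nginx $ngx, OpenSSL $ossl"
  fi
}

# Constructed sample outputs (not captured from real hosts).
OLD_PKG='nginx version: nginx/0.7.65
TLS SNI support enabled
configure arguments: --with-http_ssl_module'
STATIC_BUILD='nginx version: nginx/1.18.0
built with OpenSSL 1.1.1g  21 Apr 2020
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-openssl=path/extracted/openssl-1.1.1g'
OLD_LIB='nginx version: nginx/1.18.0
built with OpenSSL 0.9.8o 01 Jun 2010
configure arguments: --with-http_ssl_module'

for s in "$OLD_PKG" "$STATIC_BUILD" "$OLD_LIB"; do tls12_capable "$s"; done
```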