Adding OpenSSL ciphersuites at compile time

Maxim Dounin mdounin at
Thu Apr 5 18:52:25 UTC 2018


On Thu, Apr 05, 2018 at 06:39:45PM +0000, Neil Craig wrote:

> Hi Thomas
> Thanks for your reply. What you outline is essentially what I 
> want to do – I am statically compiling nginx against a specific 
> openssl version and I want to be able to re-enable 3DES 
> ciphersuites which are disabled in openssl 1.1.0+ (we have some 
> audience demographics in e.g. Rural India and North Africa, a 
> reasonable proportion of whom use very old mobile handsets).
> So…what I would like to be able to do is to add something to my 
> configure for nginx which would trigger the same behaviour as if 
> I were adding “enable-<ciphersuite>” when configuring openssl.
> Hopefully that makes a bit more sense now :-).

You can specify additional OpenSSL config options using 
the --with-openssl-opt configure option.

$ ./configure --help | grep openssl
  --with-openssl=DIR                 set path to OpenSSL library sources
  --with-openssl-opt=OPTIONS         set additional build options for OpenSSL

Maxim Dounin

More information about the nginx-devel mailing list