Centos 6.5 and ECDH ciphers in nginx.org Centos repo
Nick Jenkin
nick at thenile.com.au
Mon Jan 6 10:10:43 UTC 2014
RHEL used 1.0.0 in 6.4, however in 6.5 it was updated to OpenSSL 1.0.1e-fips 11 Feb 2013
See: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.5_Release_Notes/
Like I said, if I compile nginx myself it ECDH works fine. It’s the nginx.org binaries that do not work. So it would appear the nginx.org binaries are statically compiled against the older version, so I guess the question is when will the nginx.org builds be built on 6.5?
-Nick
On 6 Jan 2014, at 9:07 pm, Jeffrey Walton <noloader at gmail.com> wrote:
> On Sun, Jan 5, 2014 at 10:56 PM, Nick Jenkin <nick at thenile.com.au> wrote:
>> Hi
>>
>> In Centos 6.5 (and RHEL 6.5) the ECDH ciphers were enabled. There appears to be an issue with the nginx.org 1.5.8 Centos binaries still not having support for ECDHE despite having updated openssl 1.01e with elliptic curves.
>>
>> If I compile from source, ECDH works fine. Is there something wrong with the centos binaries?
>>
> http://unix.stackexchange.com/questions/84283/how-can-i-get-tlsv1-2-support-in-apache-on-rhel6-centos-sl6
>
> Though the question is about Apache, it specifically calls out nginx
> as needing a recompile on the platform after updating from OpenSSL
> 1.0.0 to OpenSSL 1.0.1 due to static linking.
>
> Jeff
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list