nginx centos build only supports SSLv3 and ignores ssl_protocols

mayak mayak at australsat.com
Wed Oct 1 15:10:37 UTC 2014


On 10/01/2014 04:54 PM, Lukas Tribus wrote:
>> thanks for your note -- i totally forgot to give specifics:
>>
>> - CentOS 6.5, x64, totally up2date
>> - OpenSSL 1.0.1e-fips 11 Feb 2013
>> - nginx-1.6.2-1.el6.ngx.x86_64 (from nginx repo)
>> - openssl-1.0.1e-16.el6_5.15.x86_64
>> - openssl-devel-1.0.1e-16.el6_5.15.x86_64
>>
>> i did rebuild your src rpm on my machine, and it sill wont support any TLS versions ...
> post the output of the following commands:
> which nginx (use is this path instead of /path/to/nginx)
> /path/to/nginx -V
> ldd /path/to/nginx
>
>
> and specify if this is with your src build or with the prebuild binary.
>
hi lukas,

here we go:

<cmdlines>
[root ~]# which /usr/sbin/nginx
/usr/sbin/nginx

[root ~]# /usr/sbin/nginx -V
nginx version: nginx/1.6.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_spdy_module 
--with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'

[root ~]# ldd /usr/sbin/nginx
     linux-vdso.so.1 =>  (0x00007fff1d5ff000)
     libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5ca7ec3000)
     libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f5ca7c8c000)
     libpcre.so.0 => /lib64/libpcre.so.0 (0x00007f5ca7a5f000)
     libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f5ca77f3000)
     libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f5ca7413000)
     libdl.so.2 => /lib64/libdl.so.2 (0x00007f5ca720e000)
     libz.so.1 => /lib64/libz.so.1 (0x00007f5ca6ff8000)
     libc.so.6 => /lib64/libc.so.6 (0x00007f5ca6c64000)
     /lib64/ld-linux-x86-64.so.2 (0x00007f5ca80ea000)
     libfreebl3.so => /lib64/libfreebl3.so (0x00007f5ca69ec000)
     libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f5ca67a8000)
     libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f5ca64c2000)
     libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f5ca62bd000)
     libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f5ca6091000)
     libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f5ca5e86000)
     libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f5ca5c82000)
     libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f5ca5a68000)
     libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5ca5848000)
</cmdlines>


cheers

m




More information about the nginx mailing list