TLS 1.3 support in nginx-1.17.1 binary for Ubuntu 18.04 "bionic" provided by nginx.org

Zeev Tarantov zeev at initech.co.il
Wed Jul 3 15:49:57 UTC 2019


I've installed the nginx package provided by nginx.org (
https://nginx.org/en/linux_packages.html#Ubuntu)
specifically the binary provided by
https://nginx.org/packages/mainline/ubuntu/pool/nginx/n/nginx/nginx_1.17.1-1~bionic_amd64.deb
and it doesn't have TLS 1.3 support.
According to
https://mailman.nginx.org/pipermail/nginx/2019-January/057402.html this
would be because it was built on an Ubuntu 18.04 "bionic" that was not
fully updated.
Ubuntu 18.04 "bionic" switched from openssl 1.1.0 to openssl 1.1.1 recently
and I hoped the newer releases would be compiled with openssl 1.1.1 and
support TLS 1.3.
When I build that package myself (using apt-get source nginx ; cd
nginx-1.17.1/ ; debuild -i -us -uc -b) on a fully updated Ubuntu 18.04
"bionic", it does support TLS 1.3.
I ask that the build environment is set up such that the next release will
support TLS 1.3, or better yet, that 1.16.0 and 1.17.1 packages for Ubuntu
18.04 "bionic" are updated to include TLS 1.3 support.
Unless such packages won't work on a non-updated Ubuntu 18.04 system? (Why?)
Or does anyone know of a workaround that does not involve building the
packages myself?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190703/da3ba28a/attachment.html>


More information about the nginx mailing list