Nginx with OpenSSL 1.1.1n

Lukas Tribus lukas at
Sun Mar 27 14:49:09 UTC 2022

On Sun, 27 Mar 2022 at 15:58, Sergey A. Osokin <osa at> wrote:
> Hi,
> On Sun, Mar 27, 2022 at 02:04:10AM -0400, sukeerthiadiga wrote:
> > The Mainline version of Nginx i.e 1.12.6 has the OpenSSL version 1.1.1m and
> > it is vulnerable.
> That's a bit far from true.  NGINX, as many other products, depends on other
> open source software components, like openssl, pcre, zlib.  Library of those
> components are supported by an operating system vendor.  I'd recommend
> to contact to the vendor of a corresponding OS to get an update of a
> component.

Actually, provides windows binaries with openssl statically
compiled in:

C:\nginx-1.21.6>nginx -V
nginx version: nginx/1.21.6
built by cl 16.00.40219.01 for 80x86
built with OpenSSL 1.1.1m  14 Dec 2021
TLS SNI support enabled
configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug
--prefix= --conf-path=conf/nginx.conf --pid-path=logs/
--http-log-path=logs/access.log --error-log-path=logs/error.log
--http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024
--with-zlib=objs.msvc8/lib/zlib-1.2.11 --with-http_v2_module
--with-http_realip_module --with-http_addition_module
--with-http_sub_module --with-http_dav_module
--with-http_stub_status_module --with-http_flv_module
--with-http_mp4_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_auth_request_module
--with-http_random_index_module --with-http_secure_link_module
--with-http_slice_module --with-mail --with-stream
--with-openssl-opt='no-asm no-tests -D_WIN32_WINNT=0x0501'
--with-http_ssl_module --with-mail_ssl_module --with-stream_ssl_module



More information about the nginx mailing list