Opened 8 years ago
Closed 8 years ago
#1172 closed enhancement (wontfix)
Please consider pre-built package for Debian jessie-backports
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | other | Version: | 1.11.x |
| Keywords: | Cc: | ||
| uname -a: | Linux 4.6.5-x86_64-linode71 #2 SMP Fri Jul 29 16:16:25 EDT 2016 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.9.10
built with OpenSSL 1.0.2j 26 Sep 2016 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads --add-module=/build/nginx-wLQUs2/nginx-1.9.10/debian/modules/nginx-auth-pam --add-module=/build/nginx-wLQUs2/nginx-1.9.10/debian/modules/nginx-dav-ext-module --add-module=/build/nginx-wLQUs2/nginx-1.9.10/debian/modules/nginx-echo --add-module=/build/nginx-wLQUs2/nginx-1.9.10/debian/modules/nginx-upstream-fair --add-module=/build/nginx-wLQUs2/nginx-1.9.10/debian/modules/ngx_http_substitutions_filter_module |
||
Description
I've been running Nginx from jessie-backports to get OpenSSL 1.0.2 for http/2 support, but would like to switch to your mainline release for parallel ECDSA certificate support (and some other TLS enhancements) as well.
However, your Debian Jessie package is compiled against OpenSSL 1.0.1 and loses support for ALPN (and therefore http/2 with modern browsers). It would be great to have a package for Debian compiled against OpenSSL 1.0.2 for use with the jessie-backports version of OpenSSL.
Note:
See TracTickets
for help on using tickets.
It will force to upgrade openssl to 1.0.2 all nginx mainline package users on debian 8.*. Do not think they want it.
On the other hand full freeze for Stretch (debian 9.0) planned on Feb 5, so we may expect release in a half of year with newer openssl and other features.