Opened 3 years ago

Closed 3 years ago

#1172 closed enhancement (wontfix)

Please consider pre-built package for Debian jessie-backports

Reported by: plinss@… Owned by:
Priority: minor Milestone:
Component: other Version: 1.11.x
Keywords: Cc:
uname -a: Linux 4.6.5-x86_64-linode71 #2 SMP Fri Jul 29 16:16:25 EDT 2016 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.9.10
built with OpenSSL 1.0.2j 26 Sep 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads --add-module=/build/nginx-wLQUs2/nginx-1.9.10/debian/modules/nginx-auth-pam --add-module=/build/nginx-wLQUs2/nginx-1.9.10/debian/modules/nginx-dav-ext-module --add-module=/build/nginx-wLQUs2/nginx-1.9.10/debian/modules/nginx-echo --add-module=/build/nginx-wLQUs2/nginx-1.9.10/debian/modules/nginx-upstream-fair --add-module=/build/nginx-wLQUs2/nginx-1.9.10/debian/modules/ngx_http_substitutions_filter_module

Description

I've been running Nginx from jessie-backports to get OpenSSL 1.0.2 for http/2 support, but would like to switch to your mainline release for parallel ECDSA certificate support (and some other TLS enhancements) as well.

However, your Debian Jessie package is compiled against OpenSSL 1.0.1 and loses support for ALPN (and therefore http/2 with modern browsers). It would be great to have a package for Debian compiled against OpenSSL 1.0.2 for use with the jessie-backports version of OpenSSL.

Change History (1)

comment:1 by Sergey Budnevitch, 3 years ago

Resolution: wontfix
Status: newclosed

It will force to upgrade openssl to 1.0.2 all nginx mainline package users on debian 8.*. Do not think they want it.
On the other hand full freeze for Stretch (debian 9.0) planned on Feb 5, so we may expect release in a half of year with newer openssl and other features.

Note: See TracTickets for help on using tickets.