Opened 6 years ago
Closed 6 years ago
#1625 closed defect (invalid)
TLS1.3 not available with nginx 1.15.3 and openssl 1.1.1-pre9
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.15.x |
| Keywords: | Cc: | ||
| uname -a: | Linux Idril.dryusdan.fr 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u4 (2018-08-21) x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.15.3
built by gcc 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) built with OpenSSL 1.1.1-pre9 (beta) 20 Jun 2018 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/local/sbin/nginx --http-log-path=/var/log/nginx/logs/nginx_access.log --error-log-path=/var/log/nginx/logs/nginx_error.log --pid-path=/run/nginx.pid --lock-path=/run/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-pcre-jit --with-mail_ssl_module --with-http_v2_module --with-file-aio --with-ipv6 --add-module=/tmp/headers-more-nginx-module --add-module=/tmp/nginx-ct --add-module=/tmp/ngx_brotli --with-cc-opt='-O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -Wno-deprecated-declarations' --with-openssl-opt='no-async enable-ec_nistp_64_gcc_128 no-shared no-ssl2 no-ssl3 no-comp no-idea no-weak-ssl-ciphers -DOPENSSL_NO_HEARTBEATS -O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-openssl=/tmp/openssl-1.1.1-pre9 |
||
Description
Hi
I compile everytime the last nginx version and the last openssl version. On the last compilation with OpenSSl 1.1.1-pre9, I found a problem : TLS1.3 is not active, but with OpenSSL 1.1.1-pre8 it's okay.
I see in your changelog you encounter some problem like this with ssl lib version, so, I think is a good idea to tell this problem with you :)
Thank you Nginx :D
Dryusdan
Attachments (1)
Change History (2)
by , 6 years ago
| Attachment: | nginx_compile.sh added |
|---|
comment:1 by , 6 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Works fine here. Note that TLS 1.3 in OpenSSL 1.1.1-pre9 switched to use on-wire version of TLS 1.3 as defined by RFC 8446, and this may not be compatible with other clients implementing earlier TLS 1.3 drafts. For tests, use the openssl binary as available with the library you've compiled nginx with.
Note:
See TracTickets
for help on using tickets.
My script to compile nginx :)