Opened 9 years ago
Closed 9 years ago
#820 closed enhancement (wontfix)
Add neverbleed support
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 1.9.6 |
| Component: | nginx-core | Version: | 1.9.x |
| Keywords: | neverbleed, heartbleed | Cc: | |
| uname -a: | Linux arch-server 4.2.3-1-ARCH #1 SMP PREEMPT Sat Oct 3 18:52:50 CEST 2015 x86_64 GNU/Linux | | |

nginx -V:

```
nginx version: nginx/1.9.5
built with OpenSSL 1.0.2d 9 Jul 2015
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-mail --with-mail_ssl_module --with-ipv6 --with-pcre-jit --with-file-aio --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_v2_module --with-http_ssl_module --with-http_stub_status_module --with-http_addition_module --with-http_degradation_module --with-http_flv_module --with-http_mp4_module --with-http_secure_link_module --with-http_sub_module --with-threads --with-stream
```
Description
Hi,
[Neverbleed](https://github.com/h2o/neverbleed) is a privilege separation engine for OpenSSL / LibreSSL that runs RSA private key operations in an isolated process, thereby minimizing the risk of a private key leak in case of a vulnerability such as Heartbleed.
Please support it to increase the security of Nginx.
Thanks in advance,
As of nginx 1.7.9+, loading of secret keys via arbitrary OpenSSL engines is supported, and this allows storing keys even on hardware tokens, as well as in isolated processes. There is no need to reinvent the wheel.
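To show what the engine-based approach from the comment above looks like in practice, here is an added example (it is not from the ticket, from nginx or from neverbleed) that keeps the RSA private key behind the OpenSSL `pkcs11` engine instead of on disk, so the key material never sits in the nginx worker's address space. The `ssl_engine` and `ssl_certificate_key engine:...` directives are real nginx directives; the token label, object label, PIN file and certificate path are assumptions for the example and have to match the local PKCS#11 setup.

```nginx
# Added example, not the ticket's or nginx's own configuration.
# Main context: load the named OpenSSL engine at startup and make it the
# default for the operations it supports.
ssl_engine pkcs11;

http {
    server {
        listen 443 ssl;
        server_name example.com;

        # The certificate is public and stays on disk as usual
        # (path is an assumption).
        ssl_certificate /etc/nginx/ssl/example.com.crt;

        # Since nginx 1.7.9 the key can be "engine:<engine name>:<key id>".
        # nginx splits only on the first two colons and hands the rest to
        # the engine verbatim, so a PKCS#11 URI (which itself contains
        # colons and semicolons) works; quote it so the semicolons are not
        # taken as the end of the directive.
        # Token label, object label and PIN file are assumptions.
        ssl_certificate_key "engine:pkcs11:pkcs11:token=nginx-token;object=example.com;type=private;pin-source=file:/etc/nginx/ssl/token.pin";
    }
}
```

For this to work the engine must be resolvable by name: either the engine shared object is installed in OpenSSL's engines directory under the id `pkcs11`, or the OpenSSL config file that nginx's OpenSSL loads at initialisation declares it in an engines section with `dynamic_path` pointing at the engine library and `MODULE_PATH` pointing at the PKCS#11 module. `openssl engine -t pkcs11` checks that the engine loads before nginx is reloaded. With this in place, signing during the TLS handshake happens inside whatever backs the PKCS#11 module (an HSM, a smart card, or a software token in its own process), which is the isolation the ticket asks for, without a separate mechanism in nginx.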