Welcome! Log In Create A New Profile

Advanced

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

mayak
October 01, 2014 11:12AM
On 10/01/2014 04:54 PM, Lukas Tribus wrote:
>> thanks for your note -- i totally forgot to give specifics:
>>
>> - CentOS 6.5, x64, totally up2date
>> - OpenSSL 1.0.1e-fips 11 Feb 2013
>> - nginx-1.6.2-1.el6.ngx.x86_64 (from nginx repo)
>> - openssl-1.0.1e-16.el6_5.15.x86_64
>> - openssl-devel-1.0.1e-16.el6_5.15.x86_64
>>
>> i did rebuild your src rpm on my machine, and it sill wont support any TLS versions ...
> post the output of the following commands:
> which nginx (use is this path instead of /path/to/nginx)
> /path/to/nginx -V
> ldd /path/to/nginx
>
>
> and specify if this is with your src build or with the prebuild binary.
>
hi lukas,

here we go:

<cmdlines>
[root ~]# which /usr/sbin/nginx
/usr/sbin/nginx

[root ~]# /usr/sbin/nginx -V
nginx version: nginx/1.6.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_spdy_module
--with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'

[root ~]# ldd /usr/sbin/nginx
linux-vdso.so.1 => (0x00007fff1d5ff000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5ca7ec3000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f5ca7c8c000)
libpcre.so.0 => /lib64/libpcre.so.0 (0x00007f5ca7a5f000)
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f5ca77f3000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f5ca7413000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f5ca720e000)
libz.so.1 => /lib64/libz.so.1 (0x00007f5ca6ff8000)
libc.so.6 => /lib64/libc.so.6 (0x00007f5ca6c64000)
/lib64/ld-linux-x86-64.so.2 (0x00007f5ca80ea000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007f5ca69ec000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f5ca67a8000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f5ca64c2000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f5ca62bd000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f5ca6091000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f5ca5e86000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f5ca5c82000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f5ca5a68000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5ca5848000)
</cmdlines>


cheers

m


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

nginx centos build only supports SSLv3 and ignores ssl_protocols

mayak October 01, 2014 08:12AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

mex October 01, 2014 08:33AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

mayak October 01, 2014 10:40AM

RE: nginx centos build only supports SSLv3 and ignores ssl_protocols

Lukas Tribus October 01, 2014 10:56AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

mayak October 01, 2014 11:12AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

mex October 01, 2014 01:26PM

RE: nginx centos build only supports SSLv3 and ignores ssl_protocols

Lukas Tribus October 01, 2014 02:46PM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

mayak October 01, 2014 04:48PM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

GreenGecko October 01, 2014 06:18PM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols [solved -- found an issue in nginx]

mayak October 02, 2014 02:02AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols[solved -- found an issue in nginx]

Rob Stradling October 02, 2014 08:50AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols[solved -- found an issue in nginx]

mayak October 02, 2014 01:34PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 62
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 254 on July 05, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready