Welcome! Log In Create A New Profile

Re: Inquiry regarding support for OpenSSL 1.0.2i

Forum List Message List New Topic Print View

Valentin V. Bartenev

September 28, 2016 08:32AM

On Wednesday 28 September 2016 17:34:58 jhernandez wrote:
> Hello,
>
> We've recently received a notification regarding a vulnerability in
> OpenSSL:
> OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
> This is fixed in OpenSSL v1.0.2i
>
> We're running an Nginx proxy server on Windows 2012 R2 and are currently
> using Nginx 1.9.9 - with OpenSSL 1.0.2e
> We do plan to upgrade to the latest stable nginx-1.10.1, but it seems
> this version for Windows was compiled with OpenSSL 1.0.2*h*.
>
> Any idea when a new stable or mainline version will come out with
> OpenSSL 1.0.2i support ?
> Alternatively, we're also looking to build a custom 1.10.1 with the
> OpenSSL 1.0.2i library with the instructions here:
> http://nginx.org/en/docs/howto_build_on_win32.html
> But we're not sure if 1.10.1 would support OpenSSL 1.0.2i. Has anyone
> tried this approach before ?
>

http://mailman.nginx.org/pipermail/nginx/2016-September/051914.html

wbr, Valentin V. Bartenev

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Inquiry regarding support for OpenSSL 1.0.2i	jhernandez	September 28, 2016 05:38AM
Re: Inquiry regarding support for OpenSSL 1.0.2i	itpp2012	September 28, 2016 08:12AM
Re: Inquiry regarding support for OpenSSL 1.0.2i	Valentin V. Bartenev	September 28, 2016 08:32AM
Re: Inquiry regarding support for OpenSSL 1.0.2i	Jonathan Vanasco	September 28, 2016 11:52AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 241

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018