Welcome! Log In Create A New Profile

Advanced

Selecting a TLS library for Nginx in 2020

August 27, 2020 04:53AM
I compile Nginx from mainline source and update shortly after each patch/point release. As part of the compile process, I obtain the current OpenSSL source and bake that in with these compile flags:

--with-openssl-opt="enable-ec_nistp_64_gcc_128 shared no-ssl2 no-ssl3 no-weak-ssl-ciphers -fstack-protector-strong" \
--with-openssl=../../openssl-source/openssl-OpenSSL_$openssl_source_version

I understand Nginx can be compiled with other TLS libraries. I also understand this might be 'there be dragons' territory.

I use OpenSSL because it appears to work for my use case. However, I am researching alternative TLS libraries to perhaps use with Nginx.

Heartbleed (2014) alerted me to the issue(s) with OpenSSL and although some time has passed, I am aware that projects like LibreSSL were borne out of a necessity to improve code quality. TLS 1.3 support in LibreSSL is improving, and that's my impetus to investigate a potential change.

If you compile Nginx with a TLS library -- whether it's OpenSSL or not -- I would be grateful if you could tell me what vendor/flavour you use, and a brief note about why you selected it.

Thank you, and best wishes to you from rainy Cornwall, United Kingdom.
Subject Author Posted

Selecting a TLS library for Nginx in 2020

petecooper August 27, 2020 04:53AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 65
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready