Re: Dual Certificate (RSA and ECC) support

2016-02-06 Thread kyprizel
These patches are pretty stable (except you can't use different OCSP responders for SHA1 and SHA256 certs and use different ssl_stapling_files). https://github.com/wikimedia/operations-software-nginx/tree/wmf-1.9.3-1/debian/patches On Fri, Feb 5, 2016 at 11:17 PM, Jon Emord wrote: > Hello, > >

Re: [calling all patch XPerts !] [PATCH] RSA+DSA+ECC bundles

2015-03-17 Thread kyprizel
ied in the config will be used. Can you please review it. Thank you. On Tue, Oct 7, 2014 at 5:03 PM, shm...@riseup.net wrote: > > > Maxim Dounin wrote: > > Hello! > > > > On Tue, Oct 07, 2014 at 11:31:56AM +0400, kyprizel wrote: > > > >> Updating patch fo

Re: nginx + LibreSSL + ECDSA cert = Error

2015-03-10 Thread kyprizel
wrong curve? On Tue, Mar 10, 2015 at 1:27 PM, wrote: > Hi, > > this time not stupidly formatted ;): > I compiled nginx 1.7.10 + LibreSSL 2.1.4, but am not able to use ECC > certificates. > > nginx -V: > nginx version: nginx/1.7.10 > built by gcc 4.7.2 (Debian 4.7.2-5) > TLS SNI support enabled >

Re: Slow downloads over SSL

2015-02-05 Thread kyprizel
Make a pcap, check packet loss/mtu/window size. On Wed, Feb 4, 2015 at 8:54 PM, B.R. wrote: > Nothing in the configuration part you provided rings any bell to me on why > this is going on. > I suggest you take a deeper look at the server level, see if there is not > something that might have an

Re: [calling all patch XPerts !] [PATCH] RSA+DSA+ECC bundles

2014-10-07 Thread kyprizel
Updating patch for the last nginx isn't a problem - we need to hear from Maxim what was the problem with old patch (it wasn't applied that time - why should be applied a new one?) to fix it. On Mon, Oct 6, 2014 at 10:25 PM, shm...@riseup.net wrote: > calling all patch XPerts ! > calling all patc

Re: Can't get https to work

2014-08-26 Thread kyprizel
Try to use 192.168.1.102:443. On Wed, Aug 27, 2014 at 1:40 AM, Matthew Ngaha wrote: > I'm trying Nginx with Django on my localhost. I "Include" a > django.conf in my main nginx.conf and in this included conf the > "server" "listens" for both http & https and sends either requests > upstream to

Re: nginx Segmentation fault

2014-06-05 Thread kyprizel
No, it does not help. The problem is somewhere in body reading/processing. On Wed, Jun 4, 2014 at 8:10 PM, Andrei Belov wrote: > Not yet. > > Quick look makes me think that "client_body_in_file_only on;" might help. > > -- defan > > On 04 June 2014, at 19:58, ky

Re: nginx Segmentation fault

2014-06-04 Thread kyprizel
Andrei, have you checked issue 630? https://github.com/SpiderLabs/ModSecurity/issues/630 On Wed, Jun 4, 2014 at 7:12 PM, Andrei Belov wrote: > Hi, > > there is a lot of open issues with ModSecurity and nginx: > > https://github.com/SpiderLabs/ModSecurity/issues?labels=Platform+-+Nginx&state=op

Re: nginx Segmentation fault

2014-06-04 Thread kyprizel
I think this bug was fixed in nginx_refactoring tree. On Wed, Jun 4, 2014 at 7:00 PM, Robert Paprocki < rpapro...@fearnothingproductions.net> wrote: > Can you post a full core dump? Did you verify the mod_security tarball > you downloaded? Can you detail the steps taken to build that module? What

Re: openssl 1.0.1 and tls1.1 and up

2014-04-16 Thread kyprizel
I think the problem is your nginx uses libssl version from your OS (0.9.8/1.0.0). On Wed, Apr 16, 2014 at 4:08 PM, B.R. wrote: > Rather than posting raw outputs, try to understand the piece of advice > Maxim gave to you. > > I suspect those SSL-validation websites test websites... which corres

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-28 Thread kyprizel
Will this patch be applied to mainline? On Thu, Mar 27, 2014 at 8:23 PM, Maxim Dounin wrote: > Hello! > > On Wed, Mar 26, 2014 at 01:34:19PM +0400, kyprizel wrote: > > > will be "log_alloc_failures" better? > > I think something like "log_nomem

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-26 Thread kyprizel
will be "log_alloc_failures" better? On Mon, Mar 24, 2014 at 4:10 PM, kyprizel wrote: > Any suggestions to the name? > > > > On Mon, Mar 24, 2014 at 3:56 PM, Maxim Dounin wrote: > >> Hello! >> >> On Mon, Mar 24, 2014 at 02:59:57PM +0400, kyprizel

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-24 Thread kyprizel
Any suggestions to the name? On Mon, Mar 24, 2014 at 3:56 PM, Maxim Dounin wrote: > Hello! > > On Mon, Mar 24, 2014 at 02:59:57PM +0400, kyprizel wrote: > > > something like this? > > Yes, something like. But initialized and with a better name. > >

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-24 Thread kyprizel
something like this? On Tue, Mar 18, 2014 at 8:00 PM, Maxim Dounin wrote: > Hello! > > On Tue, Mar 18, 2014 at 03:42:33PM +0400, kyprizel wrote: > > > What will be the best way to do it? > > Probably a flag in ngx_slab_pool_t will be good enough. > >

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-18 Thread kyprizel
What will be the best way to do it? On Tue, Mar 18, 2014 at 3:33 PM, Maxim Dounin wrote: > Hello! > > On Tue, Mar 18, 2014 at 03:26:10PM +0400, kyprizel wrote: > > > Hi, > > currently SSL session lifetime and SSL ticket lifetime are equal in > nginx. > > >

SSL session cache lifetime vs session ticket lifetime

2014-03-18 Thread kyprizel
s added to the cache after expiration of some old ones. So, what do you think if we add one more config parameter to split session cache and session ticket lifetimes? Thanks. Regards, kyprizel.

Problem with TLS handshake in some browsers when OCSP stapling enabled

2013-12-12 Thread kyprizel
Hi, we got a problem with OCSP stapling. During the handshake some browsers send TLS extension "certificate status" with more than 5 bytes in it. In Nginx error_log it looks like: [crit] 8721#0: *35 SSL_do_handshake() failed (SSL: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag er