On Sep 28, 2016, at 5:34 AM, jhernandez wrote:
> But we're not sure if 1.10.1 would support OpenSSL 1.0.2i. Has anyone tried
> this approach before ?
FYI, OpenSSL 1.1 and 1.02 branches had security fixes on 9/26 to their 9/22
releases
The current releases are:
1.0.2j
1.1.0b
On Wednesday 28 September 2016 17:34:58 jhernandez wrote:
> Hello,
>
> We've recently received a notification regarding a vulnerability in
> OpenSSL:
> OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
> This is fixed in OpenSSL v1.0.2i
>
> We're running an Nginx proxy server
Try this one http://nginx-win.ecsds.eu/
with 1.0.2j
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,269889,269898#msg-269898
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hello,
We've recently received a notification regarding a vulnerability in
OpenSSL:
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
This is fixed in OpenSSL v1.0.2i
We're running an Nginx proxy server on Windows 2012 R2 and are currently
using Nginx 1.9.9 - with OpenSSL
