Re: OT: OpenSSL 1.0.1f

2014-01-09 Thread itpp2012
Aidan Scheller Wrote: --- > Does using the --with-openssl-opt="enable-ec_nistp_64_gcc_128" > configure parameter without the *--with-openssl *cause a static > version of > OpenSSL to be created for Nginx? I'm unsure as the configuration > summar

Re: OT: OpenSSL 1.0.1f

2014-01-08 Thread Aidan Scheller
Does using the --with-openssl-opt="enable-ec_nistp_64_gcc_128" configure parameter without the *--with-openssl *cause a static version of OpenSSL to be created for Nginx? I'm unsure as the configuration summary then lists that the system library is being used. Thanks, Aidan On Wed, Jan 8, 20

Re: OT: OpenSSL 1.0.1f

2014-01-08 Thread itpp2012
itpp2012 Wrote: --- > 1.0.1f against 1.5.9 mainline (today); > > .\ssl\s23_clnt.c(286) : warning C4244: 'initializing' : conversion > from 'time_t' to 'unsigned long', possible loss of data Also found by http://rt.openssl.org/Ticket/Display.html

Re: OT: OpenSSL 1.0.1f

2014-01-07 Thread itpp2012
1.0.1f against 1.5.9 mainline (today); ecp_nistputil.obj : warning LNK4221: This object file does not define any previously undefined public symbols, so it will not be used by any link operation that consumes this library ecp_nistp521.obj : warning LNK4221: This object file does not define any pr

Re: OT: OpenSSL 1.0.1f

2014-01-07 Thread coderman
On Tue, Jan 7, 2014 at 9:35 AM, coderman wrote: >... > in any case, end result: use 1.0.1f and be happy and if concerned that your OS distribution or upstream OpenSSL lacks this fix, confirm yourself via openssl-1.0.1f/crypto/engine/eng_rdrand.c in patched src if you see !ENGINE_set_flags(e, E

Re: OT: OpenSSL 1.0.1f

2014-01-07 Thread coderman
On Mon, Jan 6, 2014 at 2:04 PM, Lukas Tribus wrote: > Hi, > > >> It does not look like 1.0.1f changed the default behavior of >> ENGINE_rdrand (coderman's been following it). > > Yes it did, rdrand is no longer enabled by default. Here [1] is > the backport in the OpenSSL_1_0_1-stable head [2]. >

Re: OT: OpenSSL 1.0.1f

2014-01-07 Thread Rob Stradling
On 06/01/14 21:02, Rob Stradling wrote: On 06/01/14 20:40, Jeffrey Walton wrote: There's also an Apple SecureTransport bug workaround. Apple's SecureTransport does not properly negotiate ECDHE-ECDSA cipher suites. It affects Mac OS X and could affect iOS. It might be prudent to add SSL_OP_SAFA

RE: OT: OpenSSL 1.0.1f

2014-01-06 Thread Lukas Tribus
Hi, > It does not look like 1.0.1f changed the default behavior of > ENGINE_rdrand (coderman's been following it). Yes it did, rdrand is no longer enabled by default. Here [1] is the backport in the OpenSSL_1_0_1-stable head [2]. At least Debian [3] and Ubuntu backported this as well. Regard

Re: OT: OpenSSL 1.0.1f

2014-01-06 Thread Rob Stradling
On 06/01/14 20:40, Jeffrey Walton wrote: There's also an Apple SecureTransport bug workaround. Apple's SecureTransport does not properly negotiate ECDHE-ECDSA cipher suites. It affects Mac OS X and could affect iOS. It might be prudent to add SSL_OP_SAFARI_ECDHE_ECDSA_BUG by default. http://www

OT: OpenSSL 1.0.1f

2014-01-06 Thread Jeffrey Walton
OpenSSL 1.0.1f was released today. It might be a good time to rebuild all the versions of nginx using static versions of OpenSSL. There are three CVE remediations included in the release: CVE-2013-4353, CVE-2013-6449, CVE-2013-6450. http://www.openssl.org/news/openssl-1.0.1-notes.html. It does no