Hi Willy, On Fri, Jan 26, 2018 at 3:47 PM, Willy Tarreau <w...@1wt.eu> wrote:
> On Fri, Jan 26, 2018 at 01:26:35AM +1100, Igor Cicimov wrote: > > Or you meant using the haproxy 16.04 image actually. Ok, another option > is > > to compile it myself with the openssl version I have atm. > > What mostly matters is the version used to *build* haproxy, because > some features have to be known at build time. If you pick an haproxy > package made for a more recent distro using 1.0.2 or later, it will > enable ALPN. Whether or not it will work on your current distro with > your locally rebuilt openssl is a big question of course. > > You should definitely avoid building openssl yourself, it's the best > way to forget about upgrading it when a vulnerability is disclosed. > However if you're already doing it for other reasons it's different > and then maybe you can build your own haproxy with this openssl > version. But as Lukas said, the easiest solution is to upgrade the > distro :-) > > Willy > So that's actually what my initial question was aiming at. While building the deb archive for ubuntu trusty lets say doesn't it make sense to build it using the latest stable openssl 1.0.2 just for the sake of the features?