Hi Willy,

On Fri, Jan 26, 2018 at 3:47 PM, Willy Tarreau <w...@1wt.eu> wrote:

> On Fri, Jan 26, 2018 at 01:26:35AM +1100, Igor Cicimov wrote:
> > Or you meant using the haproxy 16.04 image actually. Ok, another option
> is
> > to compile it myself with the openssl version I have atm.
>
> What mostly matters is the version used to *build* haproxy, because
> some features have to be known at build time. If you pick an haproxy
> package made for a more recent distro using 1.0.2 or later, it will
> enable ALPN. Whether or not it will work on your current distro with
> your locally rebuilt openssl is a big question of course.
>
> You should definitely avoid building openssl yourself, it's the best
> way to forget about upgrading it when a vulnerability is disclosed.
> However if you're already doing it for other reasons it's different
> and then maybe you can build your own haproxy with this openssl
> version. But as Lukas said, the easiest solution is to upgrade the
> distro :-)
>
> Willy
>


​So that's actually what my initial question was aiming at. While building
the deb archive for ubuntu trusty lets say doesn't it make sense to build
it using ​the latest stable openssl 1.0.2 just for the sake of the
features?

Reply via email to