TLS 1.1 and 1.2 require nginx be built against the 1.0.1 branch of
OpenSSL, or the subsequent Libre and Boring forks of it. Odds are high that if
you have servers running the old 0.8.x branch of nginx, they are also running the
old 0.9.8 branch of OpenSSL. As for whether or not it’s okay to run purely
TLSv1 on the nginx 0.8.55 systems, it depends on your willingness to accept the
caveats that there are known and likely unknown horrors lurking in that old
version of OpenSSL and the TLSv1 protocol itself is looking a bit rickety these
days.
Personally, if I’m going to run a site requiring SSL, then I’m going to do
it right and not be rolling out potentially compromised
libraries/protocols/ciphers.
__________________
Scott Larson
Systems Administrator
Wiredrive/LA
310 823 8238 ext. 1106
310 943 2078 fax
www.wiredrive.com <http://www.wiredrive.com/>
www.twitter.com/wiredrive <http://www.twitter.com/wiredrive>
www.facebook.com/wiredrive <http://www.wiredrive.com/facebook>
> On Oct 24, 2014, at 9:09 AM, teddymills <[email protected]> wrote:
>
> I have about 10 nginx servers, versions 1.0.15 and 0.8.55.
>
> I am patching for the poodle, so:
>
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>
> is accepted by nginx 1.0.15 but not 0.8.55
>
> I would prefer to use just TLSv1 on 0.8.55 if using just TLSv1 is okay.
>
> Or would upgrading the nginxs be required?
>
> I don't want to upgrade the older nginx unless absolutely required.
>
> TIA
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,254249,254249#msg-254249
>
> _______________________________________________
> nginx mailing list
> [email protected]
> http://mailman.nginx.org/mailman/listinfo/nginx
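
The version dependency discussed in this thread, as an added example that is not part of the original messages: a shell helper that takes the strings printed by `nginx -v` and `openssl version` and reports which `ssl_protocols` line that host can accept. The nginx thresholds (1.0.12 and 1.1.13) come from the nginx documentation, not from the thread; the function names and sample strings are constructed, and it assumes the `openssl` binary matches the library nginx was built against.

```shell
#!/bin/sh
# Added example: pick the ssl_protocols line a host can accept.
# Assumption: `openssl version` reflects the library nginx is linked against.

# ver_ge A B: succeed when dotted version A >= B (first three fields).
ver_ge() {
    a=$1; b=$2
    for i in 1 2 3; do
        x=$(echo "$a" | cut -d. -f$i); y=$(echo "$b" | cut -d. -f$i)
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# nginx parses the TLSv1.1/TLSv1.2 parameters from 1.0.12 (1.0.x branch)
# and from 1.1.13 onward; older builds reject the directive outright.
nginx_knows_tls12() {
    v=$1
    ver_ge "$v" 1.1.13 && return 0
    ver_ge "$v" 1.0.12 && ! ver_ge "$v" 1.1.0
}

# pick_ssl_protocols "<nginx -v output>" "<openssl version output>"
pick_ssl_protocols() {
    nv=$(echo "$1" | sed -n 's|.*nginx/\([0-9][0-9.]*\).*|\1|p')
    ov=$(echo "$2" | sed -n 's/^OpenSSL \([0-9]*\.[0-9]*\.[0-9]*\).*/\1/p')
    if [ -z "$nv" ] || [ -z "$ov" ]; then
        echo "unknown"; return 2      # unparsed input: check by hand
    fi
    # TLS 1.1/1.2 also need OpenSSL 1.0.1 or later underneath nginx.
    if nginx_knows_tls12 "$nv" && ver_ge "$ov" 1.0.1; then
        echo "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;"
    else
        # TLSv1-only result marks the host as an upgrade candidate.
        echo "ssl_protocols TLSv1;"
    fi
}

# Constructed sample strings for the two versions named in the thread.
pick_ssl_protocols 'nginx version: nginx/0.8.55' \
                   'OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008'
pick_ssl_protocols 'nginx version: nginx/1.0.15' \
                   'OpenSSL 1.0.1e 11 Feb 2013'
```

On a live host the two arguments would be `"$(nginx -v 2>&1)"` and `"$(openssl version)"`; nginx prints its version on stderr.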