how to enable TLSv1.1 and TLSv1.2 on nginx Debian squeeze?

6,501

Solution 1

According to archive.org ( http://web.archive.org/web/20120116033748/http://nginx.org/en/docs/http/configuring_https_servers.html ) TLSv1.2 support was added between january and february 2012. Nginx 0.7.67 is from 2010.

You might want to use the backport of nginx 1.2 ( http://packages.debian.org/search?keywords=nginx ) and you almost certainly want to look into upgrading the OS :P

Solution 2

openssl @ squeeze is: OpenSSL 0.9.8o 01 Jun 2010, but you'll need 1.0.1x, so you'll have download openssl-sources and tell nginx @ compile-time which version to use:

./configure ... --with-http_ssl_module  \
                --with-openssl=/path/to/openssl_source/ ... 

i wouldnt recommend to update the system's openssl-packages from backports et al.

Share:
6,501

Related videos on Youtube

Gon
Author by

Gon

Updated on September 18, 2022

Comments

  • Gon
    Gon over 1 year

    For security I have to setup a nginx server with TLSv1.1 or TLS v1.2. By default, nginx configuresTLSv1.

    Reading the documentation I see that nginx has to set the following directive:

    ssl_protocols TLSv1.1 TLSv1.2;

    http://nginx.org/en/docs/http/configuring_https_servers.html

    But when I run the command:

    # /etc/init.d/nginx configtest

    Following message appears:

    Testing nginx configuration: [warn]: invalid value "TLSv1.1" in /etc/nginx/nginx.conf: 175 configuration file /etc/nginx/nginx.conf test failed

    Is documentation lies?

    platform is Debian Squeeze and nginx version is 0.7.67

    thanks

  • Gon
    Gon almost 11 years
    Thanks for responding Apart from updating nginx, would need to update the openssl package or version already supports 0.9.8o TLSv1.1 and TLSv1.2?
  • Michael Hampton
    Michael Hampton almost 11 years
    @Gon At this point squeeze is so ancient you're almost certainly better off rebuilding the server on an up-to-date distribution, which Debian almost never is.