On Wednesday 28 September 2016 17:34:58 jhernandez wrote:
> Hello,
>
> We've recently received a notification regarding a vulnerability in
> OpenSSL:
> OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
> This is fixed in OpenSSL v1.0.2i
>
> We're running an Nginx proxy server on Windows 2012 R2 and are currently
> using Nginx 1.9.9 - with OpenSSL 1.0.2e
> We do plan to upgrade to the latest stable nginx-1.10.1, but it seems
> this version for Windows was compiled with OpenSSL 1.0.2*h*.
>
> Any idea when a new stable or mainline version will come out with
> OpenSSL 1.0.2i support ?
> Alternatively, we're also looking to build a custom 1.10.1 with the
> OpenSSL 1.0.2i library with the instructions here:
> http://nginx.org/en/docs/howto_build_on_win32.html
> But we're not sure if 1.10.1 would support OpenSSL 1.0.2i. Has anyone
> tried this approach before ?
>
http://mailman.nginx.org/pipermail/nginx/2016-September/051914.html

wbr, Valentin V. Bartenev

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx