Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2019-07-16, 16:44:29

Author Topic: Enable TLSv1.3 in nginx/Apache  (Read 404 times)

0 Members and 1 Guest are viewing this topic.

Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 4,030
  • Karma: +1/-0
    • View Profile
Enable TLSv1.3 in nginx/Apache
« on: 2019-04-28, 17:39:04 »
Please add it. As well as ALPN/HTTP2.
« Last Edit: 2019-05-02, 20:51:28 by Spacedust »

Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 4,030
  • Karma: +1/-0
    • View Profile
Re: Enable TLSv1.3 in nginx/Apache
« Reply #1 on: 2019-05-04, 12:27:21 »
I was able to do it myself by compling OpenSSL 1.1.1b and installing nginx from exove repo.

Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 4,030
  • Karma: +1/-0
    • View Profile
Re: Enable TLSv1.3 in nginx/Apache
« Reply #2 on: 2019-05-04, 12:30:22 »

Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 4,030
  • Karma: +1/-0
    • View Profile
Re: Enable TLSv1.3 in nginx/Apache
« Reply #3 on: 2019-05-17, 23:45:00 »
Make sure to check if you latest update for TLS 1.3 does work under CentOS 6.

CentOS 6 is delivered with openssl 1.0.1e which doesn't have TLS 1.3 support.

https://www.cdn77.com/tls-test

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,581
  • Karma: +116/-10
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Enable TLSv1.3 in nginx/Apache
« Reply #4 on: 2019-05-18, 05:18:51 »
In new update, webserver configuration already accept for TLS 1.3 for nginx and apache.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 4,030
  • Karma: +1/-0
    • View Profile
Re: Enable TLSv1.3 in nginx/Apache
« Reply #5 on: 2019-05-24, 22:48:02 »
It doesn't work as nginx has been compiled with OpenSSL 1.0.1e-fips 11 Feb 2013 which doesn't support TLS 1.3. Must be 1.1.1 or higher. Tested on CentOS 6.10.

Check these: https://packages.exove.com/nginx-http2.html

Also hide nginx version: server_tokens   off;

Quote
nginx version: nginx/1.17.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'
« Last Edit: 2019-05-24, 22:59:32 by Spacedust »

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,581
  • Karma: +116/-10
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Enable TLSv1.3 in nginx/Apache
« Reply #6 on: 2019-05-24, 22:57:20 »
Yes. Need openssl 1.1.1+ to support TLS1.3.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 4,030
  • Karma: +1/-0
    • View Profile
Re: Enable TLSv1.3 in nginx/Apache
« Reply #7 on: 2019-05-24, 23:09:14 »
I got OpenSSL 1.1.1b  26 Feb 2019 compiled inside the system, but now the nginx package needs to be recompiled again.

Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 4,030
  • Karma: +1/-0
    • View Profile
Re: Enable TLSv1.3 in nginx/Apache
« Reply #8 on: 2019-05-28, 14:47:48 »
Can you compile such package? Should be the same as these exove guys did but with IPv6 support and nginx 1.17.0.

Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 4,030
  • Karma: +1/-0
    • View Profile
Re: Enable TLSv1.3 in nginx/Apache
« Reply #9 on: 2019-06-01, 14:22:10 »
I did compile by myself and TLS 1.3 is now working ;-)

We need to make a custom repo for nginx with TLS 1.3 for CentOS 6

https://www.cdn77.com/tls-test

Enabled SSL/TLS protocol versions
TLS 1.3   YES
TLS 1.2   YES
TLS 1.1   YES
TLS 1.0   YES
SSLv3   NO
SSLv2   NO

 


MRatWork Affiliates:    BIGRAF(R) Inc.    House of LMAR    EFARgrafix

Page created in 0.086 seconds with 22 queries.

web stats analysis