Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssl 1.1.1g released with a fix for a DoS #40

Open
simonvik opened this issue Apr 22, 2020 · 3 comments
Open

openssl 1.1.1g released with a fix for a DoS #40

simonvik opened this issue Apr 22, 2020 · 3 comments

Comments

@simonvik
Copy link

Openssl 1.1.1g got released 2020-04-21 fixing CVE-2020-1967 : https://www.openssl.org/news/secadv/20200421.txt
@simonvik simonvik changed the title openssl 1.1.1g released with a fix for a DOS openssl 1.1.1g released with a fix for a DoS Apr 22, 2020
@agentzh
Copy link
Member

agentzh commented Apr 22, 2020
edited
Loading

Yes, we were aware of that. Fortunately OpenSSL 1.1.1 packages are currently not used by any pre-built openresty binary packages we are shipping.

Upgrading to openssl 1.1.1g requires some more work on our side, since we saw some compatibility issues the last time we ran our EC2 test cluster. @thibaultcha Will you keep an eye on this? Thanks!

@neomantra
Copy link
Member

@simonvik If you want to experiment with this, the OpenResty Docker image openresty/openresty:1.15.8.3-2-alpine is built-from-source using OpenSSL 1.1.1g.

@simonvik
Copy link
Author

We have forked most of your debian-builds (to get all dependency's correct) and im running 1.1.1g in production since yesterday and i have so far no problems but we only use the lua stream module.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@neomantra @agentzh @simonvik