Page 1 of 1
nginx http_spdy_module
Posted: Mon Dec 02, 2013 2:40 am
by anhedonia
Please correct me if I'm mistaken, but it looks like even though --with-http_spdy_module was used while compiling the current nginx RPM, it was compiled against a pre 1.0.1 OpenSSL library, meaning it doesn't have NPN compatibility ?
Code: Select all
# openssl version
OpenSSL 1.0.1e 11 Feb 2013
# service nginx reload
nginx: [warn] nginx was built without OpenSSL NPN support, SPDY is not enabled
Re: nginx http_spdy_module
Posted: Mon Dec 02, 2013 5:45 pm
by mikeshinn
EL6 didnt include openssl 1.0.1 until yesterday, so it wasnt possible to compile against a newer version of openssl - the library would not have existed on the system. And EL5 does not include openssl 1.0.1 at all.
Re: nginx http_spdy_module
Posted: Mon Dec 02, 2013 9:41 pm
by anhedonia
That makes sense. I was just confused since spdy support was compiled in. I needed/wanted ECC support, so I compiled my own OpenSSL libraries and didn't keep track of what was in Base or Atomicorp so when I noticed it there yesterday, I just assumed it has been available for a while.
Re: nginx http_spdy_module
Posted: Tue Dec 03, 2013 9:45 am
by scott
The reason you dont want to do that is you lose your FIPS-140-2 cert when you modify openssl