cryptofuture / nginx-hda-bundle

Nginx HDA Bundle - Dynamic Modules Power
https://launchpad.net/~hda-me/+archive/ubuntu/nginx-stable

Use better OpenSSL version #6

Closed Synchro closed 7 years ago

Synchro commented 7 years ago

One of the main reasons I currently have to build nginx packages from source is that I want chacha20/poly1305 support, which requires a more recent or patched OpenSSL, such as this one. Any chance you could include that in your builds?

cryptofuture commented 7 years ago

Mostly same as issue #2
This is not possible, since this means I also need to maintain openssl, and considering openssl is a major security library which needs very frequent updates, this is possible only in a team or on a paid basis. However, this could be possible without backporting security updates, by one person using a build robot and always the latest upstream version (probably the way to do it, if you really need it).

Synchro commented 7 years ago

Wouldn't it be possible as a git submodule, so you wouldn't need to maintain it?

cryptofuture commented 7 years ago

I usually make bundle releases after nginx mainstream version updates (and try to push changes with them, to avoid too frequent PPA updates), so even if I build statically, I'll be too slow to keep up with openssl.
Besides, I don't like the idea of building statically, and using a custom openssl could scare security-aware users.