NGINX 1.18.0 stable with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1g for Red Hat Enterprise Linux and CentOS

NGINX 1.18.0 stable version with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2), ngx cache purge и ngx http geoip2 module support. SSL is built dynamically against OpenSSL 1.1.1g.

Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. To enable TLS 1.3, you must specify

ssl_protocols TLSv1.2 TLSv1.3;

Since 1.18.0 release for Centos 7 we build OpenSSL as a separate package that installs to the separate directory (/opt/codeit/openssl111) and does not affects system libraries.

Links:

Alternatively, feel free to use our CentOS/RHEL repository.

3 thoughts on “NGINX 1.18.0 stable with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1g for Red Hat Enterprise Linux and CentOS”

  1. Hello Alexander & all,

    as you might have noticed, today there has been a release of nginx-1.18.0 stable version.

    Since I have nginx repo somehow forgotten in my list, my webserver got upgraded via yum update and since that nginx stopped working. I fixed the configuration reflecting changes in nginx directives for version 1.18 and got it back functional. But only after I have done that, noted my website is no longer running TLS 1.3

    Having realized this, found out that official nginx repo contains a build compiled still against an ancient OpenSSL version:

    [root@server ~]# nginx -V
    nginx version: nginx/1.18.0
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
    built with OpenSSL 1.0.2k-fips 26 Jan 2017
    TLS SNI support enabled

    which is obviously the reason TLS 1.3 not working for me now.

    Will you be creating your CodeIT package built with OpenSSL 1.1.1d or later version for the new nginx anytime soon? I would not like to go back older nginx versions at this point since my configuration seems to work well enough, but it would be great to have your package from CodeIT repository instead.

    Thank you in advance,

    Daniel.

    Reply

      1. Hello Alexander,

        great news. Yeah OpenSSL 1.1.1g version was also out yesterday, right..

        Do I have the right repository for RHEL7 where to expect it then? 🙂

        I have currently codeit.el7.repo :

        [CodeIT]
        name=CodeIT repo
        baseurl=https://repo.codeit.guru/packages/centos/7/$basearch
        enabled=1
        gpgkey=https://repo.codeit.guru/RPM-GPG-KEY-codeit
        gpgcheck=1

        Thank you,

        Daniel.

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *