vbtechguy's comments

it's on the very first sentence on the site (not the forums) https://centminmod.com/ linking to https://centminmod.com/lemp.html


that was not the site linked, and took me a lot of clicking to finally see yes. though having read up quite a bit, not really a big fan.


I believe those are built against a non-OpenSSL 1.1.1 branch so don't have TLS 1.3 supported by official nginx docker images.


yes I am using Nginx as a primary web server which is behind Cloudflare using Cloudflare Strict SSL - hence glad to see Cloudflare communicate with my origin via TLS 1.3


Indeed in ideal world that would be the perfect solution.


Yeah LTS or bleeding edge is always time relative. For example OpenSSL 1.1.1 is the new LTS release https://www.openssl.org/blog/blog/2018/09/11/release111/

> After two years of work we are excited to be releasing our latest version today - OpenSSL 1.1.1. This is also our new Long Term Support (LTS) version and so we are committing to support it for at least five years.


Yeah confirmed no TLS 1.3 0-RTT early data support on origin backend communications right now https://community.cloudflare.com/t/cloudflare-speak-tls-1-3-...


Yeah you're at the mercy of what version of OpenSSL is used by your Nginx binaries.

I always like to play with bleeding edge latest tech so TLS 1.3 is a must for me, so I always build my Centmin Mod Nginx binaries using Nginx mainline 1.15 branch with end user selectable choice of OpenSSL 1.1.1 branch or BoringSSL crypto libraries - both allow my Nginx binaries to support TLS 1.3 https://community.centminmod.com/threads/centmin-mod-nginx-h... :)


seems they messed up the wget-1.20.tar.gz: extracting it has a wget-1.19.5 directory name instead of a wget-1.20 named directory

  tar xvzf wget-1.20.tar.gz | head -n3
  wget-1.19.5/
  wget-1.19.5/GNUmakefile
  wget-1.19.5/Makefile.am


update from https://twitter.com/ruehsen/status/1069907108869623808

Ok, that was the unofficial/internal alpha tarball on http://alpha.gnu.org - that is meant for the translator team only. They just fetch the .pot file. The official release tarballs on http://ftp.gnu.org are ok. (I don't have ycombinator account, can't answer there).


Already supported in Nginx 1.15.3+ if you recompile with either OpenSSL 1.1.1 or BoringSSL

I have no problems for

- Nginx + BoringSSL https://community.centminmod.com/threads/enabling-boringssl-...

- Nginx + OpenSSL 1.1.1 https://community.centminmod.com/threads/openssl-1-1-1-relea...

0-RTT TLS 1.3 is only supported in Nginx 1.15.3 with BoringSSL right now via ssl_early_data Nginx directive.

Nginx will add full 0-RTT TLS 1.3 for OpenSSL 1.1.1 with Nginx 1.15.4+ according to their road map https://trac.nginx.org/nginx/roadmap
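
An added example, not part of the comment above or of Centmin Mod: a shell check that reads `nginx -V` output and applies the version rules the comment states (TLS 1.3 needs OpenSSL 1.1.1 or BoringSSL; `ssl_early_data` needs Nginx 1.15.3 with BoringSSL, or 1.15.4+ with OpenSSL 1.1.1 per the cited roadmap). The function names and sample outputs are constructed for illustration, and TLS 1.3 capability is judged from the linked library alone.

```shell
#!/bin/sh
# Added example; function names are hypothetical, samples are constructed.
# Usage on a host (nginx -V writes to stderr): nginx -V 2>&1 | nginx_tls13_caps

# "1.15.3" -> 1015003, so dotted versions compare as integers.
ver_num() {
    echo "$1" | awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# Reads `nginx -V` text on stdin; prints "lib_tls13=<yes|no> early_data=<yes|no>".
nginx_tls13_caps() {
    out=$(cat)
    ngx=$(printf '%s\n' "$out" | sed -n 's|^nginx version: nginx/\([0-9.]*\).*|\1|p')
    line=$(printf '%s\n' "$out" | grep '^built with ' | head -n1)
    # nginx appends "(running with ...)" when the loaded library differs from
    # the one it was compiled against; the loaded one decides what is negotiable.
    case "$line" in
        *"(running with "*) lib=${line##*"(running with "} ;;
        *)                  lib=${line#built with } ;;
    esac
    tls13=no; early=no; n=$(ver_num "${ngx:-0.0.0}")
    case "$lib" in
        *BoringSSL*)
            tls13=yes
            [ "$n" -ge 1015003 ] && early=yes ;;   # ssl_early_data: 1.15.3 + BoringSSL
        OpenSSL*)
            v=$(printf '%s\n' "$lib" | sed -n 's/^OpenSSL \([0-9][0-9.]*\).*/\1/p')
            if [ "$(ver_num "${v:-0.0.0}")" -ge 1001001 ]; then
                tls13=yes
                [ "$n" -ge 1015004 ] && early=yes  # roadmap target cited in the comment
            fi ;;
    esac
    echo "lib_tls13=$tls13 early_data=$early"
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_BORING='nginx version: nginx/1.15.3
built with OpenSSL 1.1.0 (compatible; BoringSSL) (running with BoringSSL)'
SAMPLE_OPENSSL='nginx version: nginx/1.15.3
built with OpenSSL 1.1.1  11 Sep 2018'
SAMPLE_OLD='nginx version: nginx/1.15.3
built with OpenSSL 1.0.2k-fips  26 Jan 2017'
SAMPLE_MIXED='nginx version: nginx/1.15.5
built with OpenSSL 1.0.2k-fips  26 Jan 2017 (running with OpenSSL 1.1.1  11 Sep 2018)'

for s in "$SAMPLE_BORING" "$SAMPLE_OPENSSL" "$SAMPLE_OLD" "$SAMPLE_MIXED"; do
    printf '%s\n' "$s" | nginx_tls13_caps
done
```

The `SAMPLE_MIXED` case is the one that is easy to misread by eye: the build line names an older library, but the dynamically loaded one is what the server actually negotiates with.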


been testing Nginx 1.13.9 via master branch with my Centmin Mod Nginx stack and HTTP/2 push testing by setting up cache aware HTTP/2 push via conditional preload link resource hints headers which only show up when a cookie is absent https://community.centminmod.com/threads/hurray-http-2-serve...

works so far but still waiting on bug fix https://trac.nginx.org/nginx/ticket/1478 as Nginx has pushed back 1.13.9 release until next week https://twitter.com/nginx/status/963442197436678144

