at least with nginx there is no problem using libressl
(but not recommended for production)
http://forum.nginx.org/read.php?2,251718
2014-07-23 18:58 GMT+02:00 Vladislav Manchev <man...@bin.bz>:
> You could try LibreSSL [1] instead.
>
> Still haven't tested it with OpenResty, but it's on my list for this week.
>
> Also, OpenResty *is not* installing OpenSSL on your system, it's just linked
> against it.
>
> [1]: http://www.libressl.org
>
>
> Best,
> Vladislav
>
>
> On Wed, Jul 23, 2014 at 4:15 PM, mex <lazy....@gmail.com> wrote:
>>
>> check your local system with the testscript i liked in my mail
>>
>> 2014-07-23 14:35 GMT+02:00 Vitaly Kosenko <vitaly...@gmail.com>:
>> > Okey. A have this one 11 Feb 13
>> >
>> >
>> > 2014-07-23 18:18 GMT+06:00 mex <lazy....@gmail.com>:
>> >>
>> >> you can test with https://testssl.sh/ locally, but if you have a
>> >> recent wheezy and you shgould be fine; debian backports bugfixes but
>> >> doesnt increase the version-number for openssl
>> >>
>> >> this is from my (fixed) debian/7:
>> >>
>> >> [ you@me :~] > openssl version
>> >> OpenSSL 1.0.1e 11 Feb 2013
>> >>
>> >> [ you@me :~/testssl.sh] > ./testssl.sh localhost
>> >>
>> >> #########################################################
>> >> testssl.sh v2.1alpha (https://testssl.sh)
>> >> ($Id: testssl.sh,v 1.112 2014/07/16 16:54:10 dirkw Exp $)
>> >>
>> >>
>> >> Using "OpenSSL 1.0.1e 11 Feb 2013" [Jun 4 18:39:57 2014]
>> >> on "localhost:/usr/bin/openssl"
>> >>
>> >> Testing now (2014-07-23 14:17) ---> 127.0.0.1:443 (localhost) <---
>> >>
>> >> ...
>> >>
>> >> --> Testing specific vulnerabilities
>> >>
>> >> Heartbleed (CVE-2014-0160), experimental NOT vulnerable (ok)
>> >> CCS (CVE-2014-0224), experimental NOT vulnerable (ok)
>> >> Renegotiation (CVE 2009-3555) NOT vulnerable (ok)
>> >> CRIME, TLS (CVE-2012-4929) NOT vulnerable (ok)
>> >>
>> >>
>> >>
>> >> 2014-07-23 11:47 GMT+02:00 Vitaly Kosenko <vitaly...@gmail.com>:
>> >> > Hello! I am reading about http://heartbleed.com/ and I have debian
>> >> > wheezy
>> >> > with last version of openresty. I don't install openssl manually.
>> >> > I've
>> >> > installed only libssl as in
>> >> >
>> >> > Prerequisites
>> >> >
>> >> > You should have perl 5.6.1+, libreadline, libpcre, libsslinstalled
>> >> > into
>> >> > your
>> >> > system. For Linux, you should also ensure thatldconfig is in your
>> >> > PATH
>> >> > environment.
>> >> >
>> >> > And there is openssl version OpenSSL 1.0.1e 11 Feb 2013 on my machine
>> >> > (I
>> >> > think openresty installs it). It is vulnerable to heartbleed isn't
>> >> > it?
>> >> > How
>> >> > to tell openresty to use other openssl or configure it with
>> >> > -DOPENSSL_NO_HEARTBEATS?.