Yeah you're at the mercy of what version of OpenSSL is used by your Nginx binaries.
I always like to play with bleeding edge latest tech so TLS 1.3 is a must for me, so I always build my Centmin Mod Nginx binaries using Nginx mainline 1.15 branch with end user selectable choice of OpenSSL 1.1.1 branch or BoringSSL crypto libraries - both allow my Nginx binaries to support TLS 1.3 https://community.centminmod.com/threads/centmin-mod-nginx-h... :)
Must vet the 3rd party (Trustworthy? Likely to stick around and have timely security updates?). Must do testing with my setup – nginx is not the only thing that's using OpenSSL on the server. I would test the official backport as well, but it would likely have more users and so more issues already taken care of.
And TLS 1.3 is not yet a must-have requirement for me.
Your comment kinda embodies everything that is complicated about Linux distribution support.
You use an LTS distribution, yet you want to have bleeding edge features. It sounds like you simply want two things that are in contradiction to each other.
> After two years of work we are excited to be releasing our latest version today - OpenSSL 1.1.1. This is also our new Long Term Support (LTS) version and so we are committing to support it for at least five years.
What does “support” in “long term support” mean if not “support the current stable version of the most widely used cryptosystem on the planet”?
I think the arbitrary distinction of “point releases can include x but not y” where x is bugfixes related to security and stability and y is bugfixes in a protocol means that there is not a contradiction there.
> What does “support” in “long term support” mean if not “support the current stable version of the most widely used cryptosystem on the planet”?
It means "support whatever was included in the distribution for a long time". That is, what matters is the "current stable version" at the moment the distribution was originally released.
> where x is bugfixes related to security and stability and y is bugfixes in a protocol means that there is not a contradiction there.
TLS 1.3 is a new protocol, not a bugfix. A bugfix to the protocol would be something like the renegotiation extension (RFC 5746).
There is no reason not to provide all the stable branches and development/bleeding edge branches for packages and let people choose what they want, except for package management practices still stuck in 20th century.
It would cause a combinatorial explosion: if you have only 10 packages with both stable and bleeding edge branches, this is already over a thousand possible combinations. That makes it harder to support, and the whole point of an LTS distribution is to have support for a somewhat longer time.
But it's all tied to time. So, for example, at any point in time there are latest stable packages that should only depend on other latest stable packages, there is no point doing other combinations, hence no combinatorial explosion. And if it doesn't work with the latest stable dependency, it will never work with it anyway and has to be linked with previous stable branch of that dependency, still the only version though and no combinatorial explosion. No matter how you look at it, time constraints possible combinations to a small number.
While nginx is a great piece of software, I've found that envoy is marching forward at much greater pace with support for HTTP/2 upstream, grpc, tls 1.3, active healthchecks, upstream dns resolution, and many other features.
Not to mention it's fully open source and does not have "open core" problems that I feel like partially account to nginx lagging behind in some areas.
yes I am using Nginx as a primary web server which is behind Cloudflare using Cloudflare Strict SSL - hence glad to see Cloudflare communicate with my origin via TLS 1.3
This is where containers can help. Ubuntu ships with LXC and its relatively simple to download an Alpine Linux container and then install Nginx and you are set. Alternatively Flockport [self plug] provides an open source app store [1] for LXC and you can download a prebuilt Nginx114 container all set to go.
But containers are some work with both upsides and downsides and upsides compared to having it out of the box in the distribution.
Interestingly they've chosen to just not offer 0RTT at all at the back end, at least for now.
I'm not actually sure if this helps. I guess it means 0RTT mitigation at Cloudflare concentrates the risk there - they can take full responsibility for doing a good job and if your clients have nasty RTT (e.g. satellite) you get most of the benefit with no work. Still, if you're very small 0RTT safety is easy whereas Cloudflare has to work very hard to even make it somewhat resist replays because their system is so distributed.
They're not going to proxy the 0RTT to the origin to determine if they accept it or not, so it's two separate questions of accepting it from clients and offering it to origins. For clients, especially mobile or satellite clients, the latency win from one round trip saved may be worth the risk; for origins, the worst latency is probably not too much, and connection reuse over multiple client requests likely reduces the total number of connections made.
* They know when they can serve 0RTT from their cache safely because they can be reasonably certain if handling a cached request is side effect free.
* If connections to backend origins are reasonably persistent, there's not much latency reduction benefit from 0RTT compared to connections from consumer user agents.
31 comments
[ 3.5 ms ] story [ 124 ms ] threadApparently there are plans to backport OpenSSL 1.1.1: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/17973...
I'd rather not install 3rd party nginx & OpenSSL builds, or compile it myself, so I'll just wait for the backport and test then.
I always like to play with bleeding edge latest tech so TLS 1.3 is a must for me, so I always build my Centmin Mod Nginx binaries using Nginx mainline 1.15 branch with end user selectable choice of OpenSSL 1.1.1 branch or BoringSSL crypto libraries - both allow my Nginx binaries to support TLS 1.3 https://community.centminmod.com/threads/centmin-mod-nginx-h... :)
And TLS 1.3 is not yet a must-have requirement for me.
You use an LTS distribution, yet you want to have bleeding edge features. It sounds like you simply want two things that are in contradiction to each other.
> After two years of work we are excited to be releasing our latest version today - OpenSSL 1.1.1. This is also our new Long Term Support (LTS) version and so we are committing to support it for at least five years.
I think the arbitrary distinction of “point releases can include x but not y” where x is bugfixes related to security and stability and y is bugfixes in a protocol means that there is not a contradiction there.
It means "support whatever was included in the distribution for a long time". That is, what matters is the "current stable version" at the moment the distribution was originally released.
> where x is bugfixes related to security and stability and y is bugfixes in a protocol means that there is not a contradiction there.
TLS 1.3 is a new protocol, not a bugfix. A bugfix to the protocol would be something like the renegotiation extension (RFC 5746).
The TLS protocol was included in the distribution. (You seem to be using a self-recursive definition of “support”.)
If you want versions as they become available use a rolling release. LTS is attractive specifically because they don't do that.
I don't want my server upgrading packages beyond necessary security improvements. That's why I'm on an LTS release.
Not to mention it's fully open source and does not have "open core" problems that I feel like partially account to nginx lagging behind in some areas.
But containers are some work with both upsides and downsides and upsides compared to having it out of the box in the distribution.
[1] https://www.flockport.com/apps
I'm not actually sure if this helps. I guess it means 0RTT mitigation at Cloudflare concentrates the risk there - they can take full responsibility for doing a good job and if your clients have nasty RTT (e.g. satellite) you get most of the benefit with no work. Still, if you're very small 0RTT safety is easy whereas Cloudflare has to work very hard to even make it somewhat resist replays because their system is so distributed.
* They know when they can serve 0RTT from their cache safely because they can be reasonably certain if handling a cached request is side effect free.
* If connections to backend origins are reasonably persistent, there's not much latency reduction benefit from 0RTT compared to connections from consumer user agents.