How to adjust the Nginx server for OpenSSL security vulnerabilities

Source: Internet
Author: User
Tags: openssl, openssl library, openssl version, nginx server

1. Overview
The current wave of OpenSSL vulnerabilities can leak private information. Many machines are affected and their environments differ, so the repair plans differ as well. Many servers run Nginx with OpenSSL statically compiled in, that is, the OpenSSL source was compiled directly into the nginx binary. In that case simply upgrading the system OpenSSL has no effect, because Nginx never loads the external OpenSSL dynamic link library; Nginx must be recompiled before the vulnerability is actually fixed.


2. Identify whether the Nginx is statically compiled

The following three methods can confirm whether Nginx was statically compiled with OpenSSL.
2.1 View nginx compilation Parameters

Enter the following command to view the Nginx compilation parameters (note the capital V; lowercase -v prints only the version):

# ./sbin/nginx -V

If the configure arguments contain --with-openssl=..., then Nginx has OpenSSL statically compiled in, as in the following output:

nginx version: nginx/1.4.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/opt/app/nginx --with-http_ssl_module --with-openssl=/opt/app/openssl-1.0.1e --add-module=/opt/app/ngx_cache_purge-2.1

2.2 View the Nginx dependent libraries

For further confirmation, view the program's dependent libraries with the following command:

# ldd $(which nginx) | grep -i ssl

Output:

libssl.so.10 => /usr/lib/libssl.so.10 (0xb76c6000)

Note: if the output contains no libssl.so entry, OpenSSL is statically compiled in.

Next, run the following command to determine the version of the OpenSSL library. The output is not very detailed: for example, the installed package here should be 1.0.1e.5.7, but only 1.0.1e is printed:

# strings /usr/lib/libssl.so.10 | grep "^OpenSSL"
OpenSSL 1.0.1e-fips Feb 2013

2.3 View Nginx Open files

You can also check for static compilation by viewing the files that the Nginx process has open. Enter the following commands:

# ps aux | grep nginx
# lsof -p 111111 | grep -i ssl        (replace 111111 with the Nginx process PID)

If the OpenSSL library file is not among the open files, OpenSSL is statically compiled in, as shown in the figure below.
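The three checks above, as an added example that is not part of the original article: a POSIX shell script that applies the `nginx -V` and `ldd` tests to captured output and reports whether a rebuild is required. The SAMPLE_* texts are constructed to mirror the article's output, and the binary path passed to check_nginx is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article: classify how an nginx binary links
# OpenSSL by parsing the two outputs the article inspects (`nginx -V` and `ldd`).
# The SAMPLE_* texts are constructed to mirror the article's example output.

SAMPLE_V='nginx version: nginx/1.4.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/opt/app/nginx --with-http_ssl_module --with-openssl=/opt/app/openssl-1.0.1e --add-module=/opt/app/ngx_cache_purge-2.1'
SAMPLE_LDD='    libssl.so.10 => /usr/lib/libssl.so.10 (0xb76c6000)
    libc.so.6 => /lib/libc.so.6 (0xb7500000)'

# $1 = text of `nginx -V` (nginx writes it to stderr, so capture with 2>&1).
# Prints "static" when OpenSSL sources were compiled in via --with-openssl=.
link_mode_from_configure() {
    if printf '%s\n' "$1" | grep -q -e '--with-openssl='; then echo static; else echo dynamic; fi
}

# $1 = text of `ldd /path/to/nginx`.
# Prints "dynamic" when a libssl/libcrypto shared object is mapped, else "static".
link_mode_from_ldd() {
    if printf '%s\n' "$1" | grep -qi -e 'libssl\.so' -e 'libcrypto\.so'; then echo dynamic; else echo static; fi
}

# $1 = text of `nginx -V`. Prints the OpenSSL source tree that was compiled in (if any),
# which is what tells you which OpenSSL version the binary really carries.
bundled_openssl_path() {
    printf '%s\n' "$1" | sed -n 's/.*--with-openssl=\([^ ]*\).*/\1/p'
}

# Run both methods against a real binary and flag disagreement. The path is hypothetical:
#   check_nginx /opt/app/nginx/sbin/nginx
check_nginx() {
    bin=$1
    conf=$("$bin" -V 2>&1); libs=$(ldd "$bin" 2>/dev/null)
    a=$(link_mode_from_configure "$conf"); b=$(link_mode_from_ldd "$libs")
    echo "configure arguments: $a, ldd: $b"
    [ "$a" = "$b" ] || echo "WARNING: the two methods disagree; inspect manually"
    if [ "$a" = static ]; then
        echo "bundled OpenSSL: $(bundled_openssl_path "$conf")"
        echo "ACTION: upgrading the system OpenSSL is not enough; nginx must be rebuilt"
    fi
}

# Demo on the constructed samples: prints static, dynamic, /opt/app/openssl-1.0.1e
link_mode_from_configure "$SAMPLE_V"
link_mode_from_ldd "$SAMPLE_LDD"
bundled_openssl_path "$SAMPLE_V"
```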

3. Recompile Nginx


In internet companies there is rarely a single unified Nginx build; each department chooses the plug-ins its own business needs and compiles Nginx itself. So when recompiling, pay attention to the plug-ins: do not forget to compile in the modules you were already using, so that Nginx keeps its existing features. The following method can serve as a reference, but it must be tested before it goes into production.
