We discuss how NGINX’s OpenSSL Compatibility Layer circumvents challenges with QUIC TLS interfaces that are not currently supported by OpenSSL.
F5 NGINX is proud to sponsor two open source organizations that are key to improving security on the Internet: Let's Encrypt and OpenSSL. Learn more about what they do.
The DROWN vulnerability in OpenSSL, CVE-2016-0800, does not affect most NGINX users. See this article for details and preventative steps.
This blog post provides an overview of an early alpha patch to enable HTTP/2 support in NGINX. Installation instructions are also provided.
The OpenSSL project announced fixes to 7 security vulnerabilities on 5 June 2014. An update to OpenSSL is generally sufficient to address this.