OpenSSL 1.1.1 might give you a headache when you still use TLSv1.0 etc. Debian has quite high security standards and with OpenSSL 1.1.1 this might affect you and give you comments about keys less then 112-bit, being an issue and things might stop working.
TLDR; The Quick 5 min solution
Add the Nginx repo (/etc/apt/sources.list.d/nginx.list)
deb http://nginx.org/packages/debian/ stretch nginx
deb-src http://nginx.org/packages/debian/ stretch nginxYou might, like me, run into a dependency missing: dh-systemd message
apt-get install dh-systemdAdd the sid/unstable repo to /etc/apt/sources.list
deb http://deb.debian.org/debian unstable mainThen make sure you have some clean location...
mkdir /usr/local/src -p && cd /usr/local/src
curl -O https://nginx.org/keys/nginx_signing.key && apt-key add ./nginx_signing.key
apt-get update
apt-get install openssl libssl-dev -t unstable -y
apt-get source nginx
tar xf nginx*.gz
cd nginx-*
tar xf ../nginx*.xz
Now we most likely need to do a quick and dirty ignore missing info for ship lib dependencies for nginx_dbg. Edit the debian/rules file and change the dh_shlibdeps line:
dh_shlibdeps -a --dpkg-shlibdeps-params=--ignore-missing-infoAlso, in the same file, add the following after compile flags CFLAGS=...--with-ld-opt="$(LDFLAGS)"
--with-openssl-opt=enable-tls1_3Since we use the normal release and no dev-source, we don't need to specify--with-openssl=<dir-to-source-openssl>... Aaaand let's continue!
debuild -uc -us cd .. sudo dpkg -i nginx_*.deb
Clean up and don't forget to pin the package(s)!
Package: nginx*
Pin: release *
Pin-Priority: -1The results
angelique@dawnbringer:/usr/local/src$ nginx -V nginx version: nginx/1.15.3 built by gcc 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) built with OpenSSL 1.1.1 11 Sep 2018 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/usr/local/src/nginx-1.15.3=. -specs=/usr/share/dpkg/no-pie-compile.specs -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-specs=/usr/share/dpkg/no-pie-link.specs -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
angelique@dawnbringer:/usr/local/src$ openssl version OpenSSL 1.1.1 11 Sep 2018
Please be aware that the TLSv1.3 ciphers between pre-release and release have changed names. They are no longer prefixed with TLS13.
angelique@dawnbringer:/usr/local/src$ openssl ciphers -s -v | grep 1.3 TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
Also note they are with an _ instead of a -. For now I am adding the following line to my NGINX config and wait and see when and if this changes and where the rest of the support comes from.
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS_AES_256_GCM_SHA384:TLS-AES-256-GCM-SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS-CHACHA20-POLY1305-SHA256 #more... As per OpenSSL's blog, they wrote:
OpenSSL has implemented support for five TLSv1.3 ciphersuites as follows:
TLS13-AES-256-GCM-SHA384TLS13-CHACHA20-POLY1305-SHA256TLS13-AES-128-GCM-SHA256TLS13-AES-128-CCM-8-SHA256TLS13-AES-128-CCM-SHA256
This seems not to be the case anymore. This was only the case in the drafts!
Browsers and SSLLabs only seem to have implemented the drafts and not "the official" releases. It will take some time for these to end up in the final version but until then, your installation is ready! If you want to go back, you can install 1.1.1 pre 8 or pre 9 instead! Don't forget to add the --with-openssl=<dir> flag!
Testing
angelique@dawnbringer:/usr/local/src$ openssl s_client -connect techshift.eu:443 -tls1_3
CONNECTED(00000005)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = techshift.eu
verify return:1
---
Certificate chain
0 s:CN = techshift.eu
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAx5q2awIKMJtNDgZ8i5QjmIqMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA3MDYwNDIyNDVaFw0x
ODEwMDQwNDIyNDVaMBcxFTATBgNVBAMTDHRlY2hzaGlmdC5ldTB2MBAGByqGSM49
AgEGBSuBBAAiA2IABBnzmZT9VV/+ec7grI9gvJ3ojpJy2eg3C5QYD+pcGD5s6m2S
X3t6aTWih27qCps1JsPtf+cKe7XhAW6TmBUN1qGXydRlA49pxrbbtSypl5gZoHd4
R7DvpmS+aMlGCN03xKOCA2UwggNhMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUIDY/
rbHcOknhAjRNa3IAJDKscpQwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo
7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQt
eDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQt
eDMubGV0c2VuY3J5cHQub3JnLzBpBgNVHREEYjBgggx0ZWNoc2hpZnQuZXWCDHRl
Y2hzaGlmdC5ubIIMdGVjaHNoaWZ0LnNlghB3d3cudGVjaHNoaWZ0LmV1ghB3d3cu
dGVjaHNoaWZ0Lm5sghB3d3cudGVjaHNoaWZ0LnNlMIH+BgNVHSAEgfYwgfMwCAYG
Z4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nw
cy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZp
Y2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMg
YW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xp
Y3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8w
ggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgDbdK/uyynssf7KPnFtLOW5qrs294Rx
g8ddnU83th+/ZAAAAWRuCuWDAAAEAwBHMEUCIQD5pO20fZvCNHe7dFn6XYvoUIDM
ddHyUKCDz7kwdRqjJAIgQulzbmHsVnnie21xEETXE0wQ22JlNC2mgcvAGZeQ2jwA
dQApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eAAAAWRuCuWLAAAEAwBG
MEQCIGDoyOhQRqxSXpHiqNe8mLW/Cli+ru/rpOWy5EPnawwfAiBMaSnUReHI/WA7
Dgy0bxKWawTEYKx+Gx+zg9yW0+BxfDANBgkqhkiG9w0BAQsFAAOCAQEAkg/PyHcG
it0oW/ncbPVtomsyknvEnopVfyYxwzdbVdnao7AjY8zA2K6YwFhk/az8BhP3BjkZ
TVLBv8+4Tha49dsZ8XyLRCruEUqOSvjRHb0BVe4QQssLS7P0TzWDZyYS7nqof187
mAUZ4cVwPrGdbcxxfkMrYtfhBpJq/EXuWfUAgFmQZtzx6IayGVWTbceSaxq3Ir8J
Yao5WgrWCBEmpGWki5Gy/67UyBEVNr82xae0ea3/9fBymJkbXIOLVjdrE0yJUg0b
4em8/TQTQ9243g9BC1vbW+QJjrr1aUIXVC+l7bIdAxMNXmTaM09+c9bojeP7A88j
HLiHc6fn5DlOpA==
-----END CERTIFICATE-----
subject=CN = techshift.eu
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA384
Peer signature type: ECDSA
Server Temp Key: ECDH, P-521, 521 bits
---
SSL handshake has read 3231 bytes and written 653 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 384 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 443700F72CBFFDD349558391FXDD48F2483X9A1930FC2BC6XF6565F9X57FC24E
Session-ID-ctx:
Resumption PSK: 9C9D26AA675A1999C9A1250ED1A64DAX84D462499A2B3049EFDDE484902E0AD52E044764EEB2D2A6A1137C9129B06B1A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 6b 26 19 75 6e 2f dd 73-ad 0a 18 bd 82 7b c1 a8 k&.en/.s.....{..
0010 - 77 5c 54 04 33 9d 99 53-b3 26 f1 e5 3b 50 54 5f ................
0020 - 18 9c 9f de 5d ee 18 1c-e3 f4 dd dd 29 ec 47 51 ................
0030 - 71 f0 2a 40 a9 e0 XX a7-92 4c 36 a4 60 38 ba 4c q.*@..J.....`8.L
0040 - 2d 50 6d be 9d 95 12 XX-XX de 77 5d e7 b8 6c b7 -XX.......w]..l.
0050 - f0 ba 7a 2d 83 89 ac 03-be b9 a9 fb 57 dc 94 d8 ..z-........W...
0060 - f9 e2 85 e2 8c cb bc 83-28 a8 bd 19 69 e4 96 2b ........(...i..+
0070 - d0 24 da e6 70 f2 f3 a0-64 5d 5b 4a b0 c1 0a 39 .$..p...d][J...9
0080 - 0b ef 8b c3 09 bd 4d e9-47 21 6e 2f e5 94 b2 9a ......M.G!n/....
0090 - 5f 34 3f 3e fa f9 90 ba-ff 31 83 06 e5 0b 69 bd _4?>.....1....i.
00a0 - 35 c2 6b d3 6b 7b 31 61-d3 89 5d e3 4e 61 77 7e 5.k.k{1a..].Naw~
00b0 - 42 df 28 83 99 20 d9 76-2e ba 44 99 cc 6b 7e 01 ..... ..........
00c0 - bf 5f e5 99 ec 89 92 43-b8 a5 fa e3 4c 46 dc 69 ................
00d0 - 33 a7 51 e7 0c 28 57 79-ba ea 3c 7d 0e 51 9a 3a 3.Q..(Wy..<}.Q.:
00e0 - 92 c6 45 68 f7 e3 c5 7d-e6 d0 73 56 df d3 ce 63 ..Eh...}..sV...c
Start Time: 1337412288
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 9EXFBFXBA06E831987DF4X79D771C85AAF9719XD0FE71C90B6C5XF6EFFAEX906
Session-ID-ctx:
Resumption PSK: 4C51017XD298XC21EAX1BC3421X8X81D7A1ECEDCBX4B2804C3F70XE60C4B03822C07960B7DF8567DA5991FDFBD6C45B7
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - xx 26 19 65 6e 2f dd 73-ad 0a 18 bd 82 7b c1 a8 XXxen/.s.....{..
0010 - 4b xx df 6f 4f 15 64 20-61 24 be aa 30 62 37 db Kh.XX.x ax..0b7.
0020 - 25 97 xx eb 5b 19 44 35-fd 6a 61 a3 09 f2 bb ee %.z.[.D5.ja.....
0030 - 66 05 4e xx 3d 8a b1 5f-d9 6e 71 11 85 db 96 64 f.X.X.._.Xq....d
0040 - ab 48 b7 35 xx 92 b3 8e-db 9a 33 21 ca 9d 71 1d ................
0050 - 03 d1 5c e9 5a xx f9 46-c5 c6 7c d4 fc d9 c8 ae ................
0060 - 3e 4c 2d 33 a4 c5 db 76-b6 fa 1f 76 09 51 a6 68 >L-3...v...v.Q.h
0070 - bb 75 2c c7 e0 33 bb 58-a9 bc ca a6 54 01 28 0d .u,..3.X....T.(.
0080 - 1e 09 af a8 59 25 7e 94-1a c8 16 12 87 38 a2 49 ....Y%~......8.I
0090 - 8a d6 cc 2e 2e 31 13 08-59 82 16 77 db 38 79 f2 .....1..Y..w.8y.
00a0 - c4 aa 86 49 bc af 41 b1-e1 ac 9c 94 25 1c f1 36 ...I..A.....%..6
00b0 - 74 cf 61 a4 b4 12 01 71-11 48 15 f7 9c 49 ae da t.a....q.H...I..
00c0 - 3f e2 a0 7b 24 30 ad a1-44 a0 a7 93 ee e3 99 31 ?..{$0..D......1
00d0 - f3 a3 1d 70 db b5 ce d8-db 1d 92 66 84 fb c9 ed ...p.......f....
00e0 - 2f 4c b8 cb 39 cd 26 00-5b e2 38 ed a8 67 0f fe /L..9.&.[.8..g..
Start Time: 1537432288
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
The important lines are the TLS sessions, and as you can see, they are TLS1.3 sessions. Now of course you are not using TLS1.3 in the browser yet since those are still using draft versions most-likely... Or OpenSSL's implementation is very wrong, which also might be the case... But at least you are done for today and it should work with upcoming releases out of the box... At least the site is reachable again and you don't have cipher mismatches anymore.