How to Fix Openssl BUG for Cpnginx

We have an update for Cpnginx with a new version 11.7 which have a fix for the openssl bug ?

What is Openssl Bug?

Recently Redhat upgraded openssl to version openssl-1.0.2k-23.el7_9.x86_64 , which breaks any apache or nginx servers or other services using the OCSP ssl sapling mechanism.

How to solve this issue?

You need to disable SSL OCSP sapling on your virtual hosts

Steps to Fix it in Cpnginx

Upgrade cpnginx and do the following steps from server shell

# wget -c https://syslintportal.com/downloads/cpnginx-11.7.tar.gz

# tar -xzf cpnginx-11.7.tar.gz

# cd cpnginx-11.7

# ./install.sh

Now disable OCSP sapling and rebuild vhosts

# touch /etc/cpnginx/disable_ocsp

# nginxctl build vhosts

# nginxctl restart

Soon after a patch from Redhat developers available for the openssl, you can simply remove /etc/cpnginx/disable_ocsp and rebuild vhosts to enable OCSP saplin