No matter how “stable” your “surroundings” are, eventually you will face HTTP/2 and all those requirements to run it on your server using Linux and some HTTP daemon. One of those requirements will be the OpenSSL version 1.0.2 (with ALPN support).
You might be lucky and you will find proper package of the OpenSSL for your Linux distribution. But then, you might be required to recompile your HTTP daemon from source. Yes, I’m in this situation now: Debian 8, OpenSSL 1.0.2 from “backports” and NGINX 1.10 (from DotDeb.org or NGINX.org).
Thanks to the Ramūnas (colleague of mine) for the link Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN – Ubuntu 14.04 – this helps me to deal quicker with NGINX on Debian 8 at least for development environment.
If you are new to Debian, and you require some newer software than present in “stable” version, and ready to take the risks – you can use Debian Backports repository. To get a bit more familiar with this official Debian repository you can start from reading “What are Debian Backports?“. Just read carefully, understand the risks and test before going to production.
Sometimes I need to encrypt password same “way” as it done in /etc/shadow. For example: to place it in the Puppet config. I think there is a plenty of ways to do it. Here is my favorite: mkpasswd
# Install "whois" package in case we don't have it
sudo apt-get install whois
# Get available encryption methods
mkpasswd -m help
# Encrypt using SHA-256
mkpasswd -m sha-256
# Encrypt using SHA-512
mkpasswd -m sha-512