F5 NGINX is proud to sponsor two open source organizations that are key to improving security on the Internet: Let's Encrypt and OpenSSL. Learn more about what they do.
The DROWN vulnerability in OpenSSL, CVE-2016-0800, does not affect most NGINX users. See this article for details and preventative steps.
This blog post provides an overview of an early alpha patch to enable HTTP/2 support in NGINX. Installation instructions are also provided.
The OpenSSL project announced fixes to 7 security vulnerabilities on 5 June 2014. An update to OpenSSL is generally sufficient to address this.