Mattias Geniar has written this up in some detail, but to summarise:
Nginx 1.10 (the new major, stable version) has replaced SPDY with HTTP/2. But as of this week, Chrome now only supports HTTP/2 using ALPN. ALPN requires OpenSSL 1.0.2. But stable Debian (and CentOS, and other flavours of Linux) only have 1.0.1 and, right now (it seems to me) there’s not a lot of hope Debian will back-port the new version: many other services also use OpenSSL, they’d all need to be checked/updated…
If you’re using DotDeb on Jessie (aka Debian 8), the nginx packages (nginx nginx-common nginx-full etc.) will be held back when running apt-get upgrade.
What should I do? Updated – SOLUTION AVAILABLE! (2 March 2017) A newer OpenSSL has been backported. You need to add some extra repositories and use a special command to install it, but that’s it. Full Instructions