[Pkg-nginx-maintainers] Bring nginx.conf to more modern security standards and practices

Thomas Ward teward at thomas-ward.net
Mon Jun 17 17:14:37 BST 2024


I'd like to get PR 80 
(https://salsa.debian.org/nginx-team/nginx/-/merge_requests/80) included 
in the packaging.

The security recommendations in nginx's conf file that we use no longer 
match modern standards of protocols, and don't take into consideration 
security changes and best practices.

I adjust ssl_protocols, prefer_server_ciphers to OFF, and then 
server_tokens to OFF actually.  I don't touch SSL protocols, but we 
should not use protocols OTHER than TLS 1.2 and TLS 1.3 per current 
security protocols and practices.


Thomas
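
An added example, not part of the message above and not taken from PR 80: a small audit script that checks an nginx configuration for the three settings the message names. It assumes the full directive name ssl_prefer_server_ciphers for what the message calls prefer_server_ciphers, and the sample configuration in it is constructed, not the packaged nginx.conf.

```python
import re

# Targets taken from the message: only TLS 1.2 and 1.3, both toggles off.
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
# Assumption: ssl_prefer_server_ciphers is the directive the message
# refers to as prefer_server_ciphers.
EXPECTED = {"ssl_prefer_server_ciphers": "off", "server_tokens": "off"}

def directives(conf_text):
    """Yield (line_no, name, args) for each single-line 'name args;' directive."""
    for no, line in enumerate(conf_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"^([a-z_]+)\s+(\S[^;{]*);", line)
        if m:
            yield no, m.group(1), m.group(2).split()

def audit(conf_text):
    """Return findings for one file; 'include'd files are not followed."""
    findings, seen = [], set()
    for no, name, args in directives(conf_text):
        if name == "ssl_protocols":
            seen.add(name)
            extra = sorted(set(args) - ALLOWED_PROTOCOLS)
            if extra:
                findings.append(f"line {no}: ssl_protocols enables {' '.join(extra)}")
        elif name in EXPECTED:
            seen.add(name)
            if args[0].lower() != EXPECTED[name]:
                findings.append(f"line {no}: {name} is {args[0]}, expected {EXPECTED[name]}")
    for name in ("ssl_protocols", *EXPECTED):
        if name not in seen:
            findings.append(f"{name} is not set explicitly; the nginx built-in default applies")
    return findings

# Constructed sample input for illustration.
SAMPLE = """\
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3
    ssl_prefer_server_ciphers on;
    # server_tokens off;
}
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A commented-out directive is reported as not set, since nginx then falls back to its built-in default for that version.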



