[Pkg-nginx-maintainers] Bring nginx.conf to more modern security standards and practices
Thomas Ward
teward at thomas-ward.net
Mon Jun 17 17:14:37 BST 2024
I'd like to get PR 80
(https://salsa.debian.org/nginx-team/nginx/-/merge_requests/80) included
in the packaging.

The security recommendations in nginx's conf file that we use no longer
match modern standards of protocols, and don't take into consideration
security changes and best practices.

I adjust ssl_protocols, prefer_server_ciphers to OFF, and then
server_tokens to OFF actually. I don't touch SSL protocols, but we
should not use protocols OTHER than TLS 1.2 and TLS 1.3 per current
security protocols and practices.

Thomas
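
A check for the three settings discussed in the message above, added here as an example; it is not code from PR 80 or from the Debian packaging. The sample configuration, the `audit` function and the expected values (only TLSv1.2 and TLSv1.3, both flags `off`) are assumptions taken from the message, and the code uses the full nginx directive name `ssl_prefer_server_ciphers`.

```python
import re

# Constructed sample for this example; not the Debian nginx.conf or the PR 80 diff.
SAMPLE_CONF = """\
http {
    server_tokens on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;  # legacy clients
    ssl_prefer_server_ciphers on;
    server {
        listen 443 ssl;
        # ssl_protocols SSLv3;
    }
}
"""

ALLOWED_PROTOCOLS = {"tlsv1.2", "tlsv1.3"}   # the two versions the message names
FLAGS_EXPECTED_OFF = ("ssl_prefer_server_ciphers", "server_tokens")
WATCHED = ("ssl_protocols",) + FLAGS_EXPECTED_OFF
DIRECTIVE = re.compile(r"^\s*(%s)\s+([^;]*);" % "|".join(WATCHED))


def audit(conf_text):
    """Return (line_number, directive, problem) tuples; line 0 means 'never set'.

    Assumption: one directive per line, no include files followed.
    """
    findings, seen = [], set()
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        match = DIRECTIVE.match(raw.split("#", 1)[0])   # ignore comments
        if not match:
            continue
        name, args = match.group(1), match.group(2).split()
        seen.add(name)
        if name == "ssl_protocols":
            extra = [p for p in args if p.lower() not in ALLOWED_PROTOCOLS]
            if extra:
                findings.append((lineno, name, "enables " + " ".join(extra)))
        elif [a.lower() for a in args] != ["off"]:
            findings.append((lineno, name, "is '%s', expected off" % " ".join(args)))
    for name in WATCHED:
        if name not in seen:
            findings.append((0, name, "not set, nginx built-in default applies"))
    return findings


if __name__ == "__main__":
    for lineno, name, problem in audit(SAMPLE_CONF):
        print("line %d: %s %s" % (lineno, name, problem))
```
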