[bug#46049] [PATCH] services: nginx: Add ssl-protocols option.

[Tobias Geerinckx-Rice]

Jonathan Brielmaier 写道：
> The default settings is accordingly to Mozillas "Intermediate"
> configuration for nginx: https://ssl-config.mozilla.org

Oh, I see!  Hiding subjective tweaks to upstream defaults in Guix 
services is a bad idea.

Imagine debugging this at 2 a.m., staring at the official nginx 
documentation through your tears.

> I would also like to implement an option with good defaults for
> `ssl_ciphers` if you have ideas how to do that in a nice way 
> speak up :)

How about writing ‘mozilla-recommended’ nginx configuration 
presets that users can inherit from?  This would imply keeping 
them up to date, including the specific versions of nginx and *ssl 
in Guix.

I don't know whether this belongs in Guix or not, but then we 
already ship someone's Facebook blocklist, so... :-)

Kind regards,

T G-R

signature.asc
Description: PGP signature