|
From: | Tobias Geerinckx-Rice |
Subject: | [bug#46049] [PATCH] services: nginx: Add ssl-protocols option. |
Date: | Sun, 24 Jan 2021 02:36:42 +0100 |
Jonathan Brielmaier 写道:
The default settings is accordingly to Mozillas "Intermediate" configuration for nginx: https://ssl-config.mozilla.org
Oh, I see! Hiding subjective tweaks to upstream defaults in Guix services is a bad idea.
Imagine debugging this at 2 a.m., staring at the official nginx documentation through your tears.
I would also like to implement an option with good defaults for`ssl_ciphers` if you have ideas how to do that in a nice way speak up :)
How about writing ‘mozilla-recommended’ nginx configuration presets that users can inherit from? This would imply keeping them up to date, including the specific versions of nginx and *ssl in Guix.
I don't know whether this belongs in Guix or not, but then we already ship someone's Facebook blocklist, so... :-)
Kind regards, T G-R
signature.asc
Description: PGP signature
[Prev in Thread] | Current Thread | [Next in Thread] |