search

mozilla / ssl-config-generator

Mozilla SSL Configuration Generator
https://ssl-config.mozilla.org/
Mozilla Public License 2.0
357 stars 59 forks source link

nginx http2 in listen-Directive is obsolete #239

Open StefanWetterActiware opened 3 months ago

StefanWetterActiware commented 3 months ago

Hello,

you generate for modern nginx:

# generated 2024-04-09, Mozilla Guideline v5.7, nginx 1.17.7, OpenSSL 1.1.1k, modern configuration, no HSTS, no OCSP
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=modern&openssl=1.1.1k&hsts=false&ocsp=false&guideline=5.7
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ...}

This is obsolete. Should be:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    ...}

See https://nginx.org/en/docs/http/ngx_http_v2_module.html

janbrasna commented 1 month ago

Thanks for noticing. This is a duplicate of #210 and has been resolved in #207 already.

The only issue is that the default nginx template view doesn't use the present-day version number — but if you put in any recent version that you might use, e.g.: 1.25.5, you'll see it's the current syntax.

This will fix itself eventually, when an update using either 1.25.5 or 1.26.x as the default version for the form is released here.