Open arthurzenika opened 6 years ago
Hi @arthurlogilab
It is good that TLS v1 and 1.1 are removed. But can you raise a PR to set TLSv1.2 as the default?
And yes, I think ssl_prefer_server_ciphers: 'on' is an acceptable formula default.
ref: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#23-use-secure-cipher-suites
On second thoughts - it might not be optimal for security, but these no-pillar settings are the correct default nginx settings after installation.
I don't see these documented in pillar.example - could you raise a PR on that, please?
When deploying the nginx formula to Debian stretch with no pillars, it removes ssl_protocols and ssl_prefer_server_ciphers.
Would you agree to a PR that adds these settings?