From: Jonathan Brielmaier <jonathan.brielmaier@web.de>
To: 46049@debbugs.gnu.org
Subject: [bug#46049] [PATCH] services: nginx: Add ssl-protocols option.
Date: Sat, 23 Jan 2021 11:00:49 +0100
Message-ID: <20210123100049.22389-1-jonathan.brielmaier@web.de>
* gnu/services/web.scm (<nginx-server-configuration>)[ssl-protocols]:
New entry defaulting to "secure" versions of TLS.
(emit-nginx-server-config): Add it.
* doc/guix.texi (Web Services): Document it.
---
doc/guix.texi | 3 +++
gnu/services/web.scm | 5 +++++
2 files changed, 8 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 4a20b3b902..4c187d4383 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23616,6 +23616,9 @@ you don't have a certificate or you don't want to use HTTPS.
Where to find the private key for secure connections. Set it to @code{#f} if
you don't have a key or you don't want to use HTTPS.
+@item @code{ssl-protocols} (default: @code{"TLSv1.2 TLSv1.3"})
+The versions of TLS used.
+
@item @code{server-tokens?} (default: @code{#f})
Whether the server should add its configuration to response.
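Review bot: The new @item text, "The versions of TLS used.", does not tell the reader what form the value takes. The default shown is a single string with the protocol names separated by a space, so the entry should say so and name the nginx directive it feeds (ssl_protocols). It should also say what happens for a server that has ssl-certificate and ssl-certificate-key set to #f, since the entries just above document that case for the certificate and key.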
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index ff7b262b6a..93e1e802dc 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -113,6 +113,7 @@
nginx-server-configuration-index
nginx-server-configuration-ssl-certificate
nginx-server-configuration-ssl-certificate-key
+ nginx-server-configuration-ssl-protocols
nginx-server-configuration-server-tokens?
nginx-server-configuration-raw-content
@@ -489,6 +490,8 @@
(default #f))
(ssl-certificate-key nginx-server-configuration-ssl-certificate-key
(default #f))
+ (ssl-protocols nginx-server-configuration-ssl-protocols
+ (default "TLSv1.2 TLSv1.3"))
(server-tokens? nginx-server-configuration-server-tokens?
(default #f))
(raw-content nginx-server-configuration-raw-content
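Review bot: The ssl-protocols field takes a free-form string, "TLSv1.2 TLSv1.3", and nothing in this patch checks it, so a misspelled protocol name is only caught when nginx reads the generated file. Consider accepting a list of protocol names and validating them against the known set when the record is built, or at least stating in the documentation that the string is copied verbatim. The neighbouring fields default to #f; if #f is meant to be a valid value here too ("do not emit the directive"), the emitter has to handle it.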
@@ -587,6 +590,7 @@ of index files."
(ssl-certificate (nginx-server-configuration-ssl-certificate server))
(ssl-certificate-key
(nginx-server-configuration-ssl-certificate-key server))
+ (ssl-protocols (nginx-server-configuration-ssl-protocols server))
(root (nginx-server-configuration-root server))
(index (nginx-server-configuration-index server))
(try-files (nginx-server-configuration-try-files server))
@@ -606,6 +610,7 @@ of index files."
" server_name " (config-domain-strings server-name) ";\n"
(and/l ssl-certificate " ssl_certificate " <> ";\n")
(and/l ssl-certificate-key " ssl_certificate_key " <> ";\n")
+ " ssl_protocols " ssl-protocols ";\n"
" root " root ";\n"
" index " (config-index-strings index) ";\n"
(if (not (nil? try-files))
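Review bot: The added ssl_protocols line is emitted unconditionally, while the ssl_certificate and ssl_certificate_key lines directly above it go through and/l, which is how their documented #f setting is handled. As written, every server block gets an ssl_protocols directive even when no certificate is configured, and setting ssl-protocols to #f would place a non-string in this list of strings. Suggest matching the neighbours with (and/l ssl-protocols " ssl_protocols " <> ";\n") and documenting #f as the way to omit the directive.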
--
2.30.0