unofficial mirror of guix-patches@gnu.org 
* [bug#46049] [PATCH] services: nginx: Add ssl-protocols option.
@ 2021-01-23 10:00 Jonathan Brielmaier
  2021-01-23 10:07 ` Jonathan Brielmaier
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Jonathan Brielmaier @ 2021-01-23 10:00 UTC (permalink / raw)
  To: 46049

* gnu/services/web.scm (<nginx-server-configuration>)[ssl-protocols]:
New entry defaulting to "secure" versions of TLS.
(emit-nginx-server-config): Add it.
* doc/guix.texi (Web Services): Document it.
---
 doc/guix.texi        | 3 +++
 gnu/services/web.scm | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 4a20b3b902..4c187d4383 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23616,6 +23616,9 @@ you don't have a certificate or you don't want to use HTTPS.
 Where to find the private key for secure connections.  Set it to @code{#f} if
 you don't have a key or you don't want to use HTTPS.

+@item @code{ssl-protocols} (default: @code{"TLSv1.2 TLSv1.3"})
+The versions of TLS used.
+
 @item @code{server-tokens?} (default: @code{#f})
 Whether the server should add its configuration to response.

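Review bot: The description on the added @item, "The versions of TLS used.", does not tell the reader what form the value takes or what the default excludes. Since the value is a single string ("TLSv1.2 TLSv1.3"), the text should say that it is a space-separated list of protocol names written into nginx's ssl_protocols directive as given, and that the default leaves out the TLS versions older than 1.2. That way someone who needs to support legacy clients knows this is the field to change, and someone reading the manual knows why the default was chosen.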
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index ff7b262b6a..93e1e802dc 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -113,6 +113,7 @@
             nginx-server-configuration-index
             nginx-server-configuration-ssl-certificate
             nginx-server-configuration-ssl-certificate-key
+            nginx-server-configuration-ssl-protocols
             nginx-server-configuration-server-tokens?
             nginx-server-configuration-raw-content

@@ -489,6 +490,8 @@
                        (default #f))
   (ssl-certificate-key nginx-server-configuration-ssl-certificate-key
                        (default #f))
+  (ssl-protocols       nginx-server-configuration-ssl-protocols
+                       (default "TLSv1.2 TLSv1.3"))
   (server-tokens?      nginx-server-configuration-server-tokens?
                        (default #f))
   (raw-content         nginx-server-configuration-raw-content
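Review bot: The new ssl-protocols field accepts any string and nothing on the Guix side checks it, so a typo in a protocol name only surfaces when nginx reads the generated file. Consider either validating the value against the known protocol names or taking a list and joining it when the config is emitted. Also note that the neighbouring ssl-certificate-key field uses (default #f) as its "not set" value; it would be consistent to let #f here mean "emit no ssl_protocols line" so a server block can inherit the setting from an enclosing context.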
@@ -587,6 +590,7 @@ of index files."
         (ssl-certificate (nginx-server-configuration-ssl-certificate server))
         (ssl-certificate-key
          (nginx-server-configuration-ssl-certificate-key server))
+        (ssl-protocols (nginx-server-configuration-ssl-protocols server))
         (root (nginx-server-configuration-root server))
         (index (nginx-server-configuration-index server))
         (try-files (nginx-server-configuration-try-files server))
@@ -606,6 +610,7 @@ of index files."
      "      server_name " (config-domain-strings server-name) ";\n"
      (and/l ssl-certificate     "      ssl_certificate " <> ";\n")
      (and/l ssl-certificate-key "      ssl_certificate_key " <> ";\n")
+     "      ssl_protocols " ssl-protocols ";\n"
      "      root " root ";\n"
      "      index " (config-index-strings index) ";\n"
      (if (not (nil? try-files))
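Review bot: The added line "      ssl_protocols " ssl-protocols ";\n" is emitted unconditionally, while the two lines directly above it are wrapped in and/l and disappear when their field is #f. As written, every server block gets an ssl_protocols directive even when ssl-certificate and ssl-certificate-key are #f (the documented way to say "no HTTPS"), and a user who sets ssl-protocols to #f gets a non-string spliced into the output instead of the directive being dropped. Using the same guard as the neighbours, (and/l ssl-protocols "      ssl_protocols " <> ";\n"), would fix both and would let a per-server #f defer to an ssl_protocols value set at a higher level.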
--
2.30.0





Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git
