From: Jonathan Brielmaier
To: 46049@debbugs.gnu.org
Subject: [bug#46049] [PATCH] services: nginx: Add ssl-protocols option.
Date: Sat, 23 Jan 2021 11:07:50 +0100
Message-ID: <5d511a10-e589-7de9-35ed-8294298dee7a@web.de>
In-Reply-To: <20210123100049.22389-1-jonathan.brielmaier@web.de>
References: <20210123100049.22389-1-jonathan.brielmaier@web.de>

I tested this change in multiple setups on my production server and I could not find any grave issues, apart from maybe warnings about duplication if you set this option yourself via `raw-content`.

The default setting is according to Mozilla's "Intermediate" configuration for nginx: https://ssl-config.mozilla.org

I would also like to implement an option with good defaults for `ssl_ciphers`. If you have ideas how to do that in a nice way, speak up :)
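
One way to check a rendered nginx configuration for the duplication mentioned above before reloading nginx, as an added example that is not part of the original message or of the Guix patch. The function name and sample config are constructed here, and the example assumes Mozilla's "Intermediate" profile means TLSv1.2 and TLSv1.3 only.

```python
import re

# Assumption: protocol set of Mozilla's "Intermediate" profile.
INTERMEDIATE = {"TLSv1.2", "TLSv1.3"}

def audit_ssl_protocols(conf_text):
    """Return (block, problem) findings for one rendered nginx config."""
    # Simplified tokenizer: drops '#' comments, ignores quoted strings.
    text = re.sub(r"#[^\n]*", "", conf_text)
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    findings = []
    stack = [{"name": "main", "seen": 0}]
    stmt = []
    for tok in tokens:
        if tok == "{":
            # Words collected so far are the block header, e.g. "server".
            stack.append({"name": " ".join(stmt) or "?", "seen": 0})
            stmt = []
        elif tok == "}":
            if len(stack) > 1:
                stack.pop()
            stmt = []
        elif tok == ";":
            if stmt and stmt[0] == "ssl_protocols":
                block = stack[-1]
                block["seen"] += 1
                path = "/".join(b["name"] for b in stack)
                if block["seen"] > 1:
                    findings.append((path, "duplicate ssl_protocols"))
                for proto in stmt[1:]:
                    if proto not in INTERMEDIATE:
                        findings.append((path, "outside Intermediate: " + proto))
            stmt = []
        else:
            stmt.append(tok)
    return findings

# Constructed sample: a generated directive plus a second one of the kind
# a raw-content entry could add to the same server block.
SAMPLE = """
http {
    server {
        listen 443 ssl;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # added by hand
        location / { root /srv/www; }
    }
}
"""
```

Calling `audit_ssl_protocols(SAMPLE)` reports the second directive in `main/http/server` as a duplicate and flags `TLSv1` and `TLSv1.1` as outside the assumed profile.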