Jonathan Brielmaier 写道: > The default settings is accordingly to Mozillas "Intermediate" > configuration for nginx: https://ssl-config.mozilla.org Oh, I see! Hiding subjective tweaks to upstream defaults in Guix services is a bad idea. Imagine debugging this at 2 a.m., staring at the official nginx documentation through your tears. > I would also like to implement an option with good defaults for > `ssl_ciphers` if you have ideas how to do that in a nice way > speak up :) How about writing ‘mozilla-recommended’ nginx configuration presets that users can inherit from? This would imply keeping them up to date, including the specific versions of nginx and *ssl in Guix. I don't know whether this belongs in Guix or not, but then we already ship someone's Facebook blocklist, so... :-) Kind regards, T G-R