I definitely agree that it needs to be stronger. We'll look into this to figure out what would likely be best. Thanks for bringing it to our attention.
On Thu, Nov 21, 2013 at 4:12 PM, Toni Mueller <supp...@oeko.net> wrote: > Package: nginx > Version: 1.2.1-2.2+wheezy1 > Severity: normal > > Dear Maintainer, > > recently, I checked my nginx configuration with Qualy's www.ssllabs.com > service, and found it to be not very strong. I was able to improve the > rating by using this configuration: > > > ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; > ssl_ciphers > "HIGH:!aNULL:!eNULL:!RC4:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:+EXP"; > ssl_prefer_server_ciphers on; > > > > It would be nice if you would make this configuration the default - > provided you agree that it configuration is stronger than the original > configuration, and sufficiently compatible. > > > Kind regards, > --Toni++ > > > > -- System Information: > Debian Release: 7.2 > APT prefers stable > APT policy: (990, 'stable'), (500, 'testing'), (100, 'unstable'), (1, > 'experimental') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores) > Locale: LANG=de_DE.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > > Versions of packages nginx depends on: > ii nginx-full 1.4.1-3~bpo70+1 > > nginx recommends no packages. > > nginx suggests no packages. > > -- no debconf information > >
