Update nginx.conf defaults for modern security

Thomas Ward requested to merge (removed):modern-security-practices into wip-1.26.0-2
  • Match current security practices for SSL protocols and SSL Prefer Server Ciphers
  • Hide NGINX version in responses, modern security practice

Downstream, in Ubuntu, multiple requests continue to be made to change the SSL settings, etc. in nginx.conf to match modern security requirements and expectations.

In recent years, it has been considered bad to enforce server ciphers, poor security to show the server version in responses, and also bad to have TLS 1.0 and TLS 1.1 enabled.

So, let's start bringing nginx.conf to the modern era.

Edited by Thomas Ward
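
An added example, not part of this merge request or the package's code: a small Python check for the three settings the description names, run against two constructed nginx.conf snippets. The directive names `ssl_protocols`, `ssl_prefer_server_ciphers` and `server_tokens` are nginx's own but do not appear on this page. The parser treats the file as one flat scope and assumes no `#`, `;` or braces inside quoted strings.

```python
import re

# Constructed sample resembling an older packaged nginx.conf (not from the merge request).
SAMPLE_OLD = """
http {
    # server_tokens off;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3
    ssl_prefer_server_ciphers on;
}
"""

# Constructed sample with the three settings the description asks for.
SAMPLE_NEW = """
http {
    server_tokens off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
}
"""

# TLS 1.0/1.1 are named in the description; SSLv2/SSLv3 are included as older still.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def directives(conf_text):
    """Yield (name, [args]) per directive; '#' comments are stripped first."""
    no_comments = re.sub(r"#[^\n]*", "", conf_text)
    for statement in re.split(r"[;{}]", no_comments):
        words = statement.split()
        if words:
            yield words[0], words[1:]


def audit(conf_text):
    """Return sorted findings for the three settings discussed above."""
    findings = []
    tokens_hidden = False
    for name, args in directives(conf_text):
        if name == "ssl_protocols":
            for proto in sorted(LEGACY_PROTOCOLS & set(args)):
                findings.append(f"ssl_protocols enables {proto}")
        elif name == "ssl_prefer_server_ciphers" and args[:1] == ["on"]:
            findings.append("ssl_prefer_server_ciphers is on")
        elif name == "server_tokens" and args[:1] == ["off"]:
            tokens_hidden = True
    if not tokens_hidden:  # a commented-out directive does not count
        findings.append("server_tokens is not off (version shown in responses)")
    return sorted(findings)
```

`audit(SAMPLE_OLD)` reports four findings, including the commented-out `server_tokens off;`, while `audit(SAMPLE_NEW)` returns an empty list.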