Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

debian 9's nginx doesn't support tls1.3 #526

Merged
merged 1 commit into from Feb 21, 2022
Merged

debian 9's nginx doesn't support tls1.3 #526

merged 1 commit into from Feb 21, 2022

Conversation

rndmh3ro
Copy link
Member

while this could be better solved by checking what nginx version is used, debian9 is eol'd in 4 months. if there will be again a need to check for nginx versions, we'll add it then

Signed-off-by: rndmh3ro github@gumpri.ch

debian 9's nginx doesnt support tls1.3
468e467 
while this could be better solved by checking what nginx version is used, debian9 is eol'd in 4 months. if there will be again a need to check for nginx versions, we'll add it then

Signed-off-by: rndmh3ro <github@gumpri.ch>
schurzi
schurzi reviewed Feb 21, 2022
View reviewed changes
roles/nginx_hardening/defaults/main.yml
@@ -23,7 +23,6 @@ nginx_add_header:

nginx_set_cookie_flag: "* HttpOnly secure"
nginx_ssl_prefer_server_ciphers: "on"
nginx_ssl_protocols: "TLSv1.2 TLSv1.3"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think, we should reverse this split, when we drop Debian 9 support. Add a Issue for future reference?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#528

@schurzi schurzi changed the title debian 9's nginx doesnt support tls1.3 debian 9's nginx doesn't support tls1.3 Feb 21, 2022
@schurzi schurzi merged commit 9be3a05 into master Feb 21, 2022
@schurzi schurzi deleted the nginx_debian_9_tls branch February 21, 2022 10:49
@rndmh3ro rndmh3ro mentioned this pull request Feb 21, 2022
Closed
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@schurzi
Merge pull request dev-sec#526 from dev-sec/nginx_debian_9_tls
41688cd 
debian 9's nginx doesn't support tls1.3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@schurzi schurzi schurzi left review comments

Assignees
No one assigned
Labels
bug nginx_hardening patch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rndmh3ro @schurzi