From: Tobias Geerinckx-Rice
To: Jonathan Brielmaier
Cc: 46049@debbugs.gnu.org, guix-patches@gnu.org
Subject: Re: [bug#46049] [PATCH] services: nginx: Add ssl-protocols option.
Date: Sun, 24 Jan 2021 02:36:42 +0100

Jonathan Brielmaier writes:

> The default setting is according to Mozilla's "Intermediate"
> configuration for nginx: https://ssl-config.mozilla.org

Oh, I see!

Hiding subjective tweaks to upstream defaults in Guix services is a bad idea. Imagine debugging this at 2 a.m., staring at the official nginx documentation through your tears.

> I would also like to implement an option with good defaults for
> `ssl_ciphers` if you have ideas how to do that in a nice way
> speak up :)

How about writing ‘mozilla-recommended’ nginx configuration presets that users can inherit from? This would imply keeping them up to date, including the specific versions of nginx and *ssl in Guix.

I don't know whether this belongs in Guix or not, but then we already ship someone's Facebook blocklist, so... :-)

Kind regards,

T G-R