Package: nginx-snippets
Version: 1.0+nmu1
Severity: normal

Dear Maintainer,

nginx-snippets contains TLS configuration snippets based on the Mozilla
TLS generator. However, while the version of NGINX present in Trixie
supports post-quantum cryptography (X25519MLKEM768), these
configuration snippets disable it with this line:

ssl_ecdh_curve X25519:prime256v1:secp384r1;

This configuration reduces the security of the TLS configuration and
makes the hosted applications/sites vulnerable to a potential "Harvest
Now Decrypt Later" attack.

The version in testing/unstable is not affected as it uses:

ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1:secp384r1;

Regards,

Gabriel

-- System Information:
Debian Release: 13.5
  APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.88+deb13-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nginx-snippets depends on:
ii  nginx         1.26.3-3+deb13u5
ii  nginx-common  1.26.3-3+deb13u5
ii  openssl       3.5.6-1~deb13u1

nginx-snippets recommends no packages.

nginx-snippets suggests no packages.

-- no debconf information
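
An added example, not part of the original report or of the nginx-snippets package: a small audit that finds every `ssl_ecdh_curve` directive in nginx configuration text and flags the ones that omit the hybrid group named above. The function name, status labels and the sample configuration are assumptions made for illustration; the sample is constructed from the two directive values quoted in the report.

```python
import re
import sys

PQ_GROUP = "X25519MLKEM768"  # hybrid group named in the report

# Constructed sample holding the two directive values quoted in the report.
SAMPLE = """\
server {
    ssl_ecdh_curve X25519:prime256v1:secp384r1;
}
server {
    # ssl_ecdh_curve X25519:prime256v1;  (commented out, must be ignored)
    ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1:secp384r1;
}
"""

def audit_ecdh_curves(text, source="<sample>"):
    """Return one finding per ssl_ecdh_curve directive in nginx config text."""
    clean = re.sub(r"#[^\n]*", "", text)  # drop comments, keep line breaks
    findings = []
    for m in re.finditer(r"(?<![\w$])ssl_ecdh_curve\s+([^;]*);", clean):
        args = m.group(1).split()
        groups = args[0].split(":") if len(args) == 1 else []
        if len(args) != 1:
            status = "malformed"      # the directive takes exactly one argument
        elif PQ_GROUP not in groups:
            status = "no-pq"          # the case the report describes
        elif groups[0] != PQ_GROUP:
            status = "pq-not-first"   # listed, but not at the head of the list
        else:
            status = "ok"
        line = clean.count("\n", 0, m.start()) + 1
        findings.append({"source": source, "line": line,
                         "groups": groups, "status": status})
    return findings

if __name__ == "__main__":
    results = []
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            results += audit_ecdh_curves(fh.read(), path)
    if not sys.argv[1:]:
        results = audit_ecdh_curves(SAMPLE)
    for f in results:
        print(f"{f['source']}:{f['line']}: {f['status']} {':'.join(f['groups'])}")
    sys.exit(1 if any(f["status"] != "ok" for f in results) else 0)
```

Pass the configuration files to check as arguments; with none, the script audits the embedded sample. An empty result means no explicit directive was found, in which case the effective groups come from the nginx and OpenSSL defaults, which this script does not evaluate.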
