Package: nginx Version: 0.7.67-1 Severity: wishlist
Hi, I've looked into the default configuration of nginx and found that the SSL part contains eg. this comment: #ssl_protocols SSLv2 SSLv3 TLSv1; I guess that most people would simply remove the comment to enable SSL, but SSLv2 is really not a desirable protocol these days, and should be disabled. To make things easier for users, it would be nice if you could remove all traces of SSLv2 from the configuration, so that users who want to use SSL, won't inadvertantly activate it. Kind regards, --Toni++ -- System Information: Debian Release: 5.0.5 APT prefers stable APT policy: (990, 'stable'), (500, 'proposed-updates'), (450, 'testing'), (250, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages nginx depends on: ii libc6 2.7-18lenny4 GNU C Library: Shared libraries ii libpcre3 7.6-2.1 Perl 5 Compatible Regular Expressi ii libssl0.9.8 0.9.8g-15+lenny7 SSL shared libraries ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime nginx recommends no packages. nginx suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
