Re: [PATCH] Workaround for "configuration file test failed" under OpenVZ

2015-08-03 Thread Maxim Dounin
Hello! On Thu, Jul 30, 2015 at 01:44:15AM +0300, Gena Makhomed wrote: > # HG changeset patch > # User Gena Makhomed > # Date 1437674403 14400 > # Thu Jul 23 14:00:03 2015 -0400 > # Node ID 57ac65580b5bba0cb4bb61dca9d63daec0ceb14c > # Parent 341e4303d25be159d4773b819d0ec055ba711afb > Workar

Re: [PATCH] Add log variables $http_all and $sent_http_all

2015-08-03 Thread Maxim Dounin
Hello! On Wed, Jul 29, 2015 at 05:15:24PM -0300, Jonh Wendell wrote: > src/http/ngx_http_header_filter_module.c | 5 + > src/http/ngx_http_request.h | 2 + > src/http/ngx_http_variables.c| 92 > > 3 files changed, 99 insertions(+),

Re: ngx_ext_rename_file: remove the target file if ngx_copy_file() fails

2015-08-03 Thread Maxim Dounin
Hello! On Thu, Jul 09, 2015 at 02:10:48PM +0100, Mindaugas Rasiukevicius wrote: > Hi, > > Some background: nginx 1.9.2, used as a cache, can get into the state > when it stops evicting the objects and eventually stops caching without > being able to recover. This happens when the disk is full.

Re: [PATCH] Workaround for "configuration file test failed" under OpenVZ

2015-08-03 Thread Gena Makhomed
On 03.08.2015 12:26, Maxim Dounin wrote: Here is the patch with slightly updated commit log and a comment added to the code. Please take a look if it looks fine to you. Yes, updated version of patch is more clean and easy to understand, thank you! # HG changeset patch # User Gena Makhomed

[PATCH] update default ssl_ciphers value

2015-08-03 Thread Mike MacCana
The current example value for ssl_ciphers in nginx (HIGH:!aNULL:!MD5) has a number of security issues, including: - Weak DH key exchange / vulnerability to logjam attack - Preferring AES-CBC instead of GCM, which causes an 'obsolete cipher suite' message in recent versions of Chrome

Re: [PATCH] update default ssl_ciphers value

2015-08-03 Thread Maxim Dounin
Hello! On Mon, Aug 03, 2015 at 05:51:34PM +0100, Mike MacCana wrote: > The current example value for ssl_ciphers in nginx (HIGH:!aNULL:!MD5) has a > number of security issues, including: > > - Weak DH key exchange / vulnerability to logjam attack This is not really related to the cipher suit

Re: [PATCH] update default ssl_ciphers value

2015-08-03 Thread Mike MacCana
On Mon, Aug 3, 2015 at 6:31 PM, Maxim Dounin wrote: > > Overall answer: > > No, thanks. And even if some of the other concerns were valid, the > answer would be the same. The default is kept good enough to be > generally usable, and it doesn't try to account for any recent > cryptographic findi

Re: [PATCH] update default ssl_ciphers value

2015-08-03 Thread Maxim Dounin
Hello! On Mon, Aug 03, 2015 at 08:51:07PM +0100, Mike MacCana wrote: > On Mon, Aug 3, 2015 at 6:31 PM, Maxim Dounin wrote: > > > > > > > Overall answer: > > > > No, thanks. And even if some of the other concerns were valid, the > > answer would be the same. The default is kept good enough to

Re: [PATCH] update default ssl_ciphers value

2015-08-03 Thread Mike MacCana
Thanks for the quick response again Maxim. You make some excellent points: 1. Best practices for cipher lists change over time. 2. ssl_prefer_server_ciphers is off by default For now: how about: - We use up to date values for NGX_DEFAULT_CIPHERS - We turn on ssl_prefer_server_ciphers by default

Re: [PATCH] update default ssl_ciphers value

2015-08-03 Thread Maxim Dounin
Hello! On Mon, Aug 03, 2015 at 11:53:08PM +0100, Mike MacCana wrote: > Thanks for the quick response again Maxim. You make some excellent points: > > 1. Best practices for cipher lists change over time. > 2. ssl_prefer_server_ciphers is off by default > > For now: how about: > - We use up to d