Accepting request 592007 from server:http

- Recommend to use TLSv1.2 by default (boo#1086855) OBS-URL: https://build.opensuse.org/request/show/592007 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=21
2018-03-29 09:57:28 +00:00 · 2018-03-29 09:57:28 +00:00 · 80ab1fdf8e
commit 80ab1fdf8e
parent 013939fa8a 5cdde8b765
2 changed files with 24 additions and 10 deletions
--- a/nginx-1.6.1-default_config.patch
+++ b/nginx-1.6.1-default_config.patch
@ -1,7 +1,5 @@
-Index: conf/nginx.conf
-===================================================================
--- conf/nginx.conf.orig
-+++ conf/nginx.conf
+--- conf/nginx.conf.orig	2018-03-28 11:56:48.834012377 +0200
+++ conf/nginx.conf	2018-03-28 13:16:09.978372767 +0200
@@ -1,16 +1,28 @@
 
 -#user  nobody;
@ -36,7 +34,7 @@ Index: conf/nginx.conf
 }
 
 
-@@ -22,7 +34,7 @@ http {
+@@ -22,7 +34,7 @@
     #                  '$status $body_bytes_sent "$http_referer" '
     #                  '"$http_user_agent" "$http_x_forwarded_for"';
 
@ -45,7 +43,7 @@ Index: conf/nginx.conf
 
     sendfile        on;
     #tcp_nopush     on;
-@@ -32,16 +44,18 @@ http {
+@@ -32,16 +44,18 @@
 
     #gzip  on;
 
@ -66,7 +64,7 @@ Index: conf/nginx.conf
             index  index.html index.htm;
         }
 
-@@ -51,7 +65,7 @@ http {
+@@ -51,7 +65,7 @@
         #
         error_page   500 502 503 504  /50x.html;
         location = /50x.html {
@ -75,7 +73,7 @@ Index: conf/nginx.conf
         }
 
         # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-@@ -63,7 +77,7 @@ http {
+@@ -63,7 +77,7 @@
         # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
         #
         #location ~ \.php$ {
@ -84,7 +82,7 @@ Index: conf/nginx.conf
         #    fastcgi_pass   127.0.0.1:9000;
         #    fastcgi_index  index.php;
         #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-@@ -87,7 +101,7 @@ http {
+@@ -87,7 +101,7 @@
     #    server_name  somename  alias  another.alias;
 
     #    location / {
@ -93,7 +91,18 @@ Index: conf/nginx.conf
     #        index  index.html index.htm;
     #    }
     #}
-@@ -109,9 +123,11 @@ http {
+@@ -101,6 +115,10 @@
+ 
+     #    ssl_certificate      cert.pem;
+     #    ssl_certificate_key  cert.key;
+    
+    #    Allow TLS version 1.2 only, which is a recommended default these days
+    #    by international information security standards.
+    #    ssl_protocols        TLSv1.2;
+ 
+     #    ssl_session_cache    shared:SSL:1m;
+     #    ssl_session_timeout  5m;
+@@ -109,9 +127,11 @@
     #    ssl_prefer_server_ciphers  on;
 
     #    location / {
--- a/nginx.changes
+++ b/nginx.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Mar 28 11:18:44 UTC 2018 - achernikov@suse.com
+
+- Recommend to use TLSv1.2 by default (boo#1086855)
+   
 -------------------------------------------------------------------
 Wed Feb 21 13:32:25 UTC 2018 - mrueckert@suse.de