Hello!

On Wed, Nov 28, 2018 at 03:07:25AM -0500, Olaf van der Spek wrote:

> Olaf van der Spek Wrote:
> -------------------------------------------------------
> > Maxim Dounin Wrote:
> > -------------------------------------------------------
> > > Hello!
> > >
> > > On Fri, Nov 23, 2018 at 01:05:55PM -0500, Olaf van der Spek wrote:
> > >
> > > > What's the recommendation for distros? Should they explicitly
> > enable
> > > > TLSv1.3?
> > > > Ideally they'd just stick to upstream defaults, hence my question
> > > about the
> > > > default.
> > >
> > > The recommendation for distros is to don't mess with the defaults.
> >
> > Should they use the 'defaults' from the stock nginx.conf or the
> > defaults from the binary / docs? ;)
>
>
> Maxim?

There is no such thing as "defaults from the stock nginx.conf".
The nginx.conf file can be used to set various configuration
parameters.

Obviously enough, distributions may need to set something in
nginx.conf they ship with nginx packages differently from what is
configured in example configuration as available in nginx sources,
conf/nginx.conf. Though my recommendation would be to keep
configuration shipped as close to conf/nginx.conf as possible, and
don't diverge from it unless there are good reasons to.

As for TLSv1.3, the TLSv1.3 protocol is currently disabled by
default in nginx. Distributions shouldn't try to enable it
(either way) unless there are very good reasons to do so.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx