We switched to nginx earlier this year, and just had our first penetration test against it. One issue they found is that the our setup is vulnerable to the "TLS renegotiation man-in-the-middle vulnerability." (SSLv3 / TLSv1 renegotiation). I verified this separately by checking our site against https://www.ssllabs.com/ssltest/index.html ("Secure Renegotiation" is flagged inby joemastersemison - How to...
![]() |
![]() |
![]() |
![]() |
|