[bug#46049] [PATCH] services: nginx: Add ssl-protocols option.

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#46049] [PATCH] services: nginx: Add ssl-protocols option.

From:	Jonathan Brielmaier
Subject:	[bug#46049] [PATCH] services: nginx: Add ssl-protocols option.
Date:	Sat, 23 Jan 2021 11:00:49 +0100

* gnu/services/web.scm (<nginx-server-configuration>)[ssl-protocols]:
New entry defaulting to "secure" versions of TLS.
(emit-nginx-server-config): Add it.
* doc/guix.texi (Web Services): Document it.
---
 doc/guix.texi        | 3 +++
 gnu/services/web.scm | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 4a20b3b902..4c187d4383 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23616,6 +23616,9 @@ you don't have a certificate or you don't want to use 
HTTPS.
 Where to find the private key for secure connections.  Set it to @code{#f} if
 you don't have a key or you don't want to use HTTPS.

+@item @code{ssl-protocols} (default: @code{"TLSv1.2 TLSv1.3"})
+The versions of TLS used.
+
 @item @code{server-tokens?} (default: @code{#f})
 Whether the server should add its configuration to response.

diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index ff7b262b6a..93e1e802dc 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -113,6 +113,7 @@
             nginx-server-configuration-index
             nginx-server-configuration-ssl-certificate
             nginx-server-configuration-ssl-certificate-key
+            nginx-server-configuration-ssl-protocols
             nginx-server-configuration-server-tokens?
             nginx-server-configuration-raw-content

@@ -489,6 +490,8 @@
                        (default #f))
   (ssl-certificate-key nginx-server-configuration-ssl-certificate-key
                        (default #f))
+  (ssl-protocols       nginx-server-configuration-ssl-protocols
+                       (default "TLSv1.2 TLSv1.3"))
   (server-tokens?      nginx-server-configuration-server-tokens?
                        (default #f))
   (raw-content         nginx-server-configuration-raw-content
@@ -587,6 +590,7 @@ of index files."
         (ssl-certificate (nginx-server-configuration-ssl-certificate server))
         (ssl-certificate-key
          (nginx-server-configuration-ssl-certificate-key server))
+        (ssl-protocols (nginx-server-configuration-ssl-protocols server))
         (root (nginx-server-configuration-root server))
         (index (nginx-server-configuration-index server))
         (try-files (nginx-server-configuration-try-files server))
@@ -606,6 +610,7 @@ of index files."
      "      server_name " (config-domain-strings server-name) ";\n"
      (and/l ssl-certificate     "      ssl_certificate " <> ";\n")
      (and/l ssl-certificate-key "      ssl_certificate_key " <> ";\n")
+     "      ssl_protocols " ssl-protocols ";\n"
      "      root " root ";\n"
      "      index " (config-index-strings index) ";\n"
      (if (not (nil? try-files))
--
2.30.0

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#46049] [PATCH] services: nginx: Add ssl-protocols option., Jonathan Brielmaier <=
- [bug#46049] [PATCH] services: nginx: Add ssl-protocols option., Jonathan Brielmaier, 2021/01/23
  - [bug#46049] [PATCH] services: nginx: Add ssl-protocols option., Tobias Geerinckx-Rice, 2021/01/23
    - [bug#46049] [PATCH] services: nginx: Add ssl-protocols option., Jonathan Brielmaier, 2021/01/24
- [bug#46049] [PATCH] services: nginx: Add ssl-protocols option., Tobias Geerinckx-Rice, 2021/01/23

Prev by Date: [bug#45736] [PATCH v2 3/3] gnu: Minor whitespace cleanup.
Next by Date: [bug#46049] [PATCH] services: nginx: Add ssl-protocols option.
Previous by thread: [bug#46045] [PATCH] Time for astrosoft - libpasastro
Next by thread: [bug#46049] [PATCH] services: nginx: Add ssl-protocols option.
Index(es):
- Date
- Thread