No HTTPS on nginx.org by default
reallfqq-nginx at yahoo.fr
Sun Aug 21 13:56:09 UTC 2016
It is surprising, since I remember Ilya Grigorik gave a talk about TLS
during the first ever nginx conf in 2014:
Thus, there is no reason for not going full-HTTPS in delivering Web pages.
On Fri, Aug 19, 2016 at 9:21 PM, Richard Stanway <r1ch+nginx at teamliquid.net> wrote:
> I noticed that the PGP key used for signing the Debian release packages
> recently expired. I went to download the new one and noticed that
> nginx.org wasn't using HTTPS by default. Manually entering an https URL
> works as expected, although some pages have hard-coded http links in them.
> Is there a reason that the website isn't using HTTPS and STS / HPKP? It
> would help mitigate potential MITM attacks especially on precompiled
> binaries and PGP key downloads.