No HTTPS on by default

rainer at rainer at
Mon Aug 22 15:58:47 UTC 2016

Am 2016-08-22 17:44, schrieb Maxim Konovalov:
> On 8/22/16 6:40 PM, Richard Stanway wrote:
>> 1. You could provide <>
>> mirror for such people, make <> secure by
>> default.
> No, thanks.  It is secure by default and HTTPS by default doesn't
> add any value.
>> 2. Modern server CPUs are already extremely energy efficient, TLS
>> adds negligible load. See
> Sorry, failed to find any power consumption bechnmarks here.

Well, in theory, a nation-state or someone in a user's network-path 
could probably inject a trojaned binary/source-file (and also replace 
the content of the checksum-file etc.).

But it's IMO not worth arguing about these things.

Also, an asteroid could hit earth and everything could be over next 

nginx doesn't provide an auto-update mechanism that stupidly downloads 
and accepts all and everything somebody makes available under some 
spoofed address.

More information about the nginx mailing list