No HTTPS on nginx.org by default
r1ch+nginx at teamliquid.net
Fri Aug 19 19:21:47 UTC 2016
I noticed that the PGP key used for signing the Debian release packages
recently expired. I went to download the new one and noticed that nginx.org
wasn't using HTTPS by default. Manually entering a https URL works as
expected, although some pages have hard coded http links in them.
Is there a reason that the website isn't using HTTPS and STS / HPKP? It
would help mitigate potential MITM attacks especially on precompiled
binaries and PGP key downloads.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx