No HTTPS on nginx.org by default
B.R.
reallfqq-nginx at yahoo.fr
Sun Aug 21 13:56:09 UTC 2016
It is surprising, since I remember Ilya Grigorik made a talk about TLS
during the first ever nginx conf in 2014:
https://www.youtube.com/watch?v=iHxD-G0YjiU
https://istlsfastyet.com/
Thus, there is no reason for not going full-HTTPS in delivering Web pages.
---
*B. R.*
On Fri, Aug 19, 2016 at 9:21 PM, Richard Stanway <r1ch+nginx at teamliquid.net>
wrote:
> Hello,
> I noticed that the PGP key used for signing the Debian release packages
> recently expired. I went to download the new one and noticed that
> nginx.org wasn't using HTTPS by default. Manually entering a https URL
> works as expected, although some pages have hard coded http links in them.
>
> Is there a reason that the website isn't using HTTPS and STS / HPKP? It
> would help mitigate potential MITM attacks especially on precompiled
> binaries and PGP key downloads.
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160821/1a172876/attachment.html>
More information about the nginx
mailing list