No HTTPS on by default

B.R. reallfqq-nginx at
Sun Aug 21 13:56:09 UTC 2016

It is surprising, since I remember Ilya Grigorik made a talk about TLS
during the first ever nginx conf in 2014:

Thus, there is no reason for not going full-HTTPS in delivering Web pages.
*B. R.*

On Fri, Aug 19, 2016 at 9:21 PM, Richard Stanway <r1ch+nginx at>

> Hello,
> I noticed that the PGP key used for signing the Debian release packages
> recently expired. I went to download the new one and noticed that
> wasn't using HTTPS by default. Manually entering a https URL
> works as expected, although some pages have hard coded http links in them.
> Is there a reason that the website isn't using HTTPS and STS / HPKP? It
> would help mitigate potential MITM attacks especially on precompiled
> binaries and PGP key downloads.
> _______________________________________________
> nginx mailing list
> nginx at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list