Update nginx to the latest and improve TLS cipher suite list. TASK-55769 #237

Merged: ab merged 5 commits into main from ab/nginx-updates on May 6, 2026
ab (Member) commented May 4, 2026

  • Upgrade nginx to a supported version.
  • Disable TLSv1 and refresh cipher suite list.
  • Remove OCSP stapling since Let's Encrypt has sunset OCSP.

https://www.notion.so/sublimesecurity/35604655fc9d814ab504ec57cd7cbfba

To enable SSL with your custom certificate, follow the steps below:

1. Copy your certificate and key to certs/nginx.crt and certs/nginx.key
2. Copy your dhparam file to certs/dhparam.pem

Member

The rest of these need to be renumbered (it's "1, 3, 4, 5, ..." currently).

madirey (Member) commented May 5, 2026

Getting this deprecation warning on startup: `nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/nginx.conf:20` ... not a bug, but I think we can drop `http2` from the `listen` lines and add a single `http2 on;` to the server block to clean up logs.

madirey (Member) commented May 5, 2026

Startup looks good, TLS negotiation confirmed, cipher list is enforced, returned headers look good.
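
The three configuration points raised in this thread (TLSv1 in `ssl_protocols`, leftover OCSP stapling directives, and the deprecated `listen ... http2` form) can also be checked statically before startup. The following is an added example, not code from this PR or its repository; `audit_nginx_tls` and the sample config are hypothetical, and treating TLSv1.1 as legacy alongside TLSv1 is an assumption.

```python
import re

# TLSv1.1 is included as an assumption; the PR description names only TLSv1.
LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}

def audit_nginx_tls(conf_text):
    """Return (line, directive, message) findings for an nginx config string."""
    # Blank out comments but keep newlines so line numbers stay accurate.
    # Simplification: a '#' inside a quoted string is treated as a comment.
    text = re.sub(r"#[^\n]*", "", conf_text)
    findings = []
    # A directive ends at ';' and a block header at '{', so split on ; { }.
    for m in re.finditer(r"[^;{}]+", text):
        words = m.group().split()
        if not words:
            continue
        lead = len(m.group()) - len(m.group().lstrip())
        line = text.count("\n", 0, m.start() + lead) + 1
        name, args = words[0], words[1:]
        if name == "ssl_protocols":
            bad = sorted(LEGACY_PROTOCOLS.intersection(args))
            if bad:
                findings.append((line, name, "legacy protocol enabled: " + " ".join(bad)))
        elif name in ("ssl_stapling", "ssl_stapling_verify") and args[:1] == ["on"]:
            findings.append((line, name, "OCSP stapling still enabled"))
        elif name == "listen" and "http2" in args:
            findings.append((line, name, 'deprecated "listen ... http2"; use "http2 on;"'))
    return findings

# Constructed sample config, not taken from the repository in this PR.
SAMPLE_CONF = """\
server {
    listen 443 ssl http2;        # deprecated form
    listen [::]:443 ssl;
    http2 on;
    ssl_protocols TLSv1 TLSv1.2
                  TLSv1.3;       # directive spans two lines
    ssl_stapling on;
    # ssl_stapling_verify on;
}
"""

if __name__ == "__main__":
    for line, name, msg in audit_nginx_tls(SAMPLE_CONF):
        print(f"line {line}: {name}: {msg}")
```

The check only reads the text it is given and does not follow `include` directives, so each included file (such as an SSL parameters file) has to be passed to it separately.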

Comment thread nginx-custom-ssl/conf/ssl-params.conf Outdated
ab requested a review from madirey May 5, 2026 16:38
ab enabled auto-merge (squash) May 5, 2026 16:56
madirey (Member) commented May 5, 2026

[image]

madirey (Member) commented May 5, 2026

Need updates for the letsencrypt container too + remove --text and --no-self-upgrade from start.sh.

ab merged commit 304359c into main May 6, 2026
3 checks passed
ab deleted the ab/nginx-updates branch May 6, 2026 17:26
ab mentioned this pull request May 6, 2026