-
-
Notifications
You must be signed in to change notification settings - Fork 883
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove deprecated ssl
directive
#1576
Comments
Actually, I see that the |
This comes from: puppet-nginx/templates/server/server_ssl_settings.erb Lines 1 to 3 in e984c16
On first run, if nginx was not installed, the fact puppet-nginx/manifests/init.pp Line 243 in e984c16
I am not sure if we can just remove this code fragment without consequences. On one hand, version 1.15.0 was released in 2020 and has known vulnerabilities, but on the other hand if we allow to set a specific version I am sure people use this to stick to a legacy release… |
@smortex ahhh. Seems like the default value for |
I see now that this is documented too: Lines 148 to 153 in e984c16
Done in 0ff8265 |
According to https://www.nginx.com/support/:
Latest release is from 2023-08-15 (1.25.2), so the first version after 2021-08-15 is 1.21.2 released on 2021-08-31. Version 1.15.0 is therefore not maintained anymore by NGINX. But Debian oldoldstable ship version 1.14.2 and continue to backport security fixes for this version. Maybe updating the default version would be enough for now: instead of having the 1st Puppet run produce a broken config with recent nginx and the 2nd run fix it, we can have a broken config on 1st run on legacy systems and a fix on the 2nd? |
We need to remove the deprecated
ssl
directive, which was deprecated in version 1.15.0, and has been removed in nginx 1.25.1: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#sslThe text was updated successfully, but these errors were encountered: