In light of our goals to promote and enable better security practices,
I've spend some time looking into `nginx-mainline` and improving the
supported and enabled SSL protocols.
Currently, by default, TLSv1 and TLSv1.1 are enabled by default. TLSv1.3
isn't properly enabled. This results in a `B` rating on SSL Labs for a
Thus, I will be changing the default protocols to support TLSv1.2 and
TLSv1.3 only. This should result in an `A` rating for the default setup.
If you are running with the standard configs, no action should be needed
once this change lands.
If you do have a need to support (5+ year old) clients that need the
older protocols, you can enable them in nginx-mainling.conf with the
At some point in the future I will likely also disable 128bit ciphers by
default for the same reasons.
These changes are not applied to `nginx`. I am slowly deprecating
`nginx` in favor of `nginx-mainline` going forward. At some point we
will likely obsolete and remove `nginx` entirely.
Customer request for f2fs as a root file system during install.
Need to pull in the f2fs tool for mkfs.
NOTE: This also depends upon the bare-metal kernels having
f2fs built-in and the cmdline allowing f2fs for rootfs.
Signed-off-by: Mark D Horn <mark.d.horn(a)intel.com>
bundles/clr-installer | 1 +
1 file changed, 1 insertion(+)
diff --git a/bundles/clr-installer b/bundles/clr-installer
index 626b51af57d0..c8294b1a7166 100644
@@ -27,6 +27,7 @@ cryptsetup-config