id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1273	Missing default secure configuration: proxy_ssl_verify	bishtspp@…		"Hi, 

Is there a reason proxy_ssl_verify is not on by default? 

Syntax:	proxy_ssl_verify on | off;
Default:	
proxy_ssl_verify off;
Context:	http, server, location
This directive appeared in version 1.7.0.

When this bug was reported and discussed in 2013 (https://trac.nginx.org/nginx/ticket/13), the suggestion was to make it secure by default and i quote ""The default for https connections should be to require verification. The current setup encourages administrators to believe that their proxy connections are resistant to MITM attack when they actually are not."". 

Many admins and security minded folks may not be aware that nginx is not secure by default in this respect. Please do the needful to make it secure by default. 

Regards
Prithvi"	defect	closed	major		other	1.9.x	wontfix				1.9.1