configure nginx for the tls 1.2 and 1.3 protocols

Rui Lopes 2022-06-04 18:01:25 +01:00
parent d9921c893e
commit a7cab411eb
1 changed files with 4 additions and 8 deletions


@ -119,11 +119,10 @@ server {
ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem;
ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
# see https://github.com/cloudflare/sslconfig/blob/master/conf
# see https://blog.cloudflare.com/it-takes-two-to-chacha-poly/
# see https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
# NB even though we have CHACHA20 here, the OpenSSL library that ships with Ubuntu 16.04 does not have it. so this is a nop. no problema.
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!aNULL:!MD5;
tcp_nodelay on;
@ -154,11 +153,10 @@ server {
ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem;
ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
# see https://github.com/cloudflare/sslconfig/blob/master/conf
# see https://blog.cloudflare.com/it-takes-two-to-chacha-poly/
# see https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
# NB even though we have CHACHA20 here, the OpenSSL library that ships with Ubuntu 16.04 does not have it. so this is a nop. no problema.
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!aNULL:!MD5;
tcp_nodelay on;
@ -184,11 +182,10 @@ server {
ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem;
ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
# see https://github.com/cloudflare/sslconfig/blob/master/conf
# see https://blog.cloudflare.com/it-takes-two-to-chacha-poly/
# see https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
# NB even though we have CHACHA20 here, the OpenSSL library that ships with Ubuntu 16.04 does not have it. so this is a nop. no problema.
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!aNULL:!MD5;
tcp_nodelay on;
@ -214,11 +211,10 @@ server {
ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem;
ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
# see https://github.com/cloudflare/sslconfig/blob/master/conf
# see https://blog.cloudflare.com/it-takes-two-to-chacha-poly/
# see https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
# NB even though we have CHACHA20 here, the OpenSSL library that ships with Ubuntu 16.04 does not have it. so this is a nop. no problema.
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!aNULL:!MD5;
tcp_nodelay on;
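Review bot: The `ssl_ciphers` line in all four server blocks still offers `EECDH+3DES:RSA+3DES`, although the commit raises the protocol floor to TLS 1.2, and supporting TLS 1.0/1.1 clients was the usual reason to keep 3DES. 3DES is a 64-bit block cipher (the Sweet32 class of problems) and the `RSA+AES128`/`RSA+AES256` entries provide no forward secrecy, so if no remaining client depends on static-RSA key exchange the list could be narrowed to `ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!aNULL:!MD5;`. When nginx is built against OpenSSL this directive only governs TLS 1.2 and below, and `TLSv1.3` takes effect only with OpenSSL 1.1.1 or later, so the resulting protocol and suite set should be confirmed on the deployed host. Because the same six directives are repeated per server block, moving them to the `http` level or a shared `include` would keep the four copies from drifting apart. The server blocks start and end outside the hunks shown.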