Remove TLS 1.0/1.1 support

author Matt Palmer <mpalmer@hezmatt.org>

Thu, 5 Apr 2018 04:52:16 +0000 (14:52 +1000)

committer Matt Palmer <mpalmer@hezmatt.org>

Thu, 5 Apr 2018 04:52:22 +0000 (14:52 +1000)
author Matt Palmer <mpalmer@hezmatt.org>
Thu, 5 Apr 2018 04:52:16 +0000 (14:52 +1000)
committer Matt Palmer <mpalmer@hezmatt.org>
Thu, 5 Apr 2018 04:52:22 +0000 (14:52 +1000)
diff --git a/templates/web.ssl.template.yml b/templates/web.ssl.template.yml

index e5f6f8b76c1e47d6f7e0c4c9c6c5e2c1f607efd3..a76ae0d53e372f3a902e8c25e9b36cc61db83972 100644 (file)
--- a/templates/web.ssl.template.yml
+++ b/templates/web.ssl.template.yml
@@ -18,7 +18,7 @@ run:
       from: /listen 80;\s+gzip on;/m
       to: |
         listen 443 ssl http2;
-       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+       ssl_protocols TLSv1.2;
         ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA;
         ssl_prefer_server_ciphers on;
         ssl_ecdh_curve secp384r1:prime256v1;
author	Matt Palmer <mpalmer@hezmatt.org>
	Thu, 5 Apr 2018 04:52:16 +0000 (14:52 +1000)
committer	Matt Palmer <mpalmer@hezmatt.org>
	Thu, 5 Apr 2018 04:52:22 +0000 (14:52 +1000)