Update SSL config using Mozilla SSL Intermediate config
authorRafael dos Santos Silva <xfalcox@gmail.com>
Fri, 16 Aug 2019 19:11:28 +0000 (16:11 -0300)
committerRafael dos Santos Silva <xfalcox@gmail.com>
Thu, 22 Aug 2019 20:59:35 +0000 (17:59 -0300)
templates/web.ssl.template.yml

index 8999c54e6459e4f6c07ace3cf2d2706e41f12f54..7bc4ef607e1ea92f988056b8fd789d6b2a5f1e6d 100644 (file)
@@ -18,10 +18,9 @@ run:
      from: /listen 80;\s+gzip on;/m
      to: |
        listen 443 ssl http2;
-       ssl_protocols TLSv1.2;
-       ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA;
-       ssl_prefer_server_ciphers on;
-       ssl_ecdh_curve secp384r1:prime256v1;
+       ssl_protocols TLSv1.2 TLSv1.3;
+       ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+       ssl_prefer_server_ciphers off;
 
        ssl_certificate /shared/ssl/ssl.crt;
        ssl_certificate_key /shared/ssl/ssl.key;
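Review bot: The new `ssl_ciphers` list ends with two finite-field suites, `DHE-RSA-AES128-GCM-SHA256` and `DHE-RSA-AES256-GCM-SHA384`, but no `ssl_dhparam` directive appears in this hunk. If it is not set elsewhere in the template, nginx 1.11.0 and later will not offer those suites at all, and older builds fall back to built-in parameters, so the effective configuration would differ from the Mozilla Intermediate profile the commit cites. Either add `ssl_dhparam <path-to-ffdhe2048-params>;` (placeholder path) next to the certificate lines, or drop the two DHE entries so the list matches what the server can negotiate. A one-line comment recording which Mozilla guideline version the values were taken from would also help later audits. The `to: |` block continues outside the hunk, so the directive may already exist further down.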