Commit bda77ac0 authored by nimrod

Enable more modern ciphers.

Mainly ChaCha20. Also disable AESCCM (as per
https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
it's slow and uncommon).
parent f496744b
Pipeline #841 passed
......@@ -5,7 +5,7 @@ ssl_certificate /var/ssl/site.crt;
ssl_certificate_key /var/ssl/site.key;
ssl_dhparam /var/ssl/dhparams;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers !kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:AES256+ECDH:AES128:+SHA1;
ssl_ciphers !AESCCM:!kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:ECDH+CHACHA20:AES256+ECDH:AES128:CHACHA20:+SHA1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
......
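Review bot: In the new `ssl_ciphers` line, `ECDH+CHACHA20` is placed after `AESGCM+ECDH`, and the unchanged `ssl_prefer_server_ciphers on;` right below makes the server's order win, so a client that offers both is still given AES-GCM and ChaCha20 is only negotiated with clients that do not offer ECDHE AES-GCM. If the aim is to serve ChaCha20 to clients that prefer it, move `ECDH+CHACHA20` ahead of `AESGCM+ECDH`, or state in the commit message that the current order is intended. Two smaller points on the same lines: with nginx built against OpenSSL this cipher string only governs TLS 1.2 and earlier, so it does not change which TLS 1.3 suites are offered even though `TLSv1.3` is enabled, and the context line still enables `TLSv1 TLSv1.1` while the string ends in `+SHA1`, which deserves a comment in the file saying which legacy clients this is kept for.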