From c0a6db614e01263ff0ba11c22182239aa9a61ffe Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 7 May 2022 13:33:07 +0300
Subject: [PATCH] Another stab at removing weak cipher suites.

---
 snippets/ssl-modern.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/snippets/ssl-modern.conf b/snippets/ssl-modern.conf
index ac45af1..83bd9da 100644
--- a/snippets/ssl-modern.conf
+++ b/snippets/ssl-modern.conf
@@ -1,4 +1,4 @@
 # vim: ft=nginx
 include                     snippets/ssl-common.conf;
 ssl_protocols               TLSv1.2 TLSv1.3;
-ssl_ciphers                 CHACHA20:DHE:ECDHE:!NULL:!AES128:!ARIA128:!CAMELLIA128:!SHA1:!kRSA;
+ssl_ciphers                 HIGH:!NULL:!AES128:!ARIA128:!CAMELLIA:!SHA1:!kRSA:!DHE+SHA256:!ECDHE+SHA256;
-- 
GitLab