From c2b0a5a519f1c2e82b2b14b173b492bb71adce15 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 7 May 2022 12:24:46 +0300
Subject: [PATCH] Remove RSA key exchange from the modern SSL config.

SSL Labs' test complains that it doesn't offer forward secrecy.
---
 snippets/ssl-modern.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/snippets/ssl-modern.conf b/snippets/ssl-modern.conf
index ea0b317..3b4adf0 100644
--- a/snippets/ssl-modern.conf
+++ b/snippets/ssl-modern.conf
@@ -1,4 +1,4 @@
 # vim: ft=nginx
 include                     snippets/ssl-common.conf;
 ssl_protocols               TLSv1.2 TLSv1.3;
-ssl_ciphers                 HIGH:!NULL:!AES128:!ARIA128:!CAMELLIA128:!SHA1;
+ssl_ciphers                 HIGH:!NULL:!AES128:!ARIA128:!CAMELLIA128:!SHA1:!kRSA;
-- 
GitLab