mirror of
https://git.bsd.gay/fef/nyastodon.git
synced 2024-12-25 05:13:40 +01:00
Add suggestion for secure cyphers to nginx.conf (#26349)
This commit is contained in:
parent
430eac3eb1
commit
cb9f96036c
1 changed files with 5 additions and 1 deletions
6
dist/nginx.conf
vendored
6
dist/nginx.conf
vendored
|
@ -36,7 +36,11 @@ server {
|
||||||
server_name example.com;
|
server_name example.com;
|
||||||
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
|
||||||
|
# You can use https://ssl-config.mozilla.org/ to generate your cipher set.
|
||||||
|
# We recommend their "Intermediate" level.
|
||||||
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
||||||
|
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_session_cache shared:SSL:10m;
|
ssl_session_cache shared:SSL:10m;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
|
|
Loading…
Reference in a new issue