
Commit 7a19308

authored
Merge branch 'fix_ssl_ciphers' of 'https://github.com/zhquan/bap-deployment-toolkit'
Merges #118 Closes #118
2 parents 2012174 + 64400b2 commit 7a19308


1 file changed

+3
-2
lines changed


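--- a/ansible/roles/nginx/templates/vhost.j2
+++ b/ansible/roles/nginx/templates/vhost.j2
@@ -19,8 +19,9 @@ server {
 ssl_certificate_key /etc/ssl/certbot_certs/live/{{ instance.nginx.fqdn }}/privkey.pem;
 {% endif %}
 ssl_protocols TLSv1.3 TLSv1.2;
-ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
-ssl_prefer_server_ciphers on;
+ssl_ecdh_curve X25519:prime256v1:secp384r1;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;
+ssl_prefer_server_ciphers off;
 ssl_stapling on;
 ssl_stapling_verify on;
 ssl_session_cache shared:SSL:10m;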
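Review bot: The three `TLS_AES_*` / `TLS_CHACHA20_*` names at the end of the new `ssl_ciphers` line are TLS 1.3 suites, which `ssl_ciphers` does not control (it only sets the TLS 1.2-and-below list in OpenSSL), so they are most likely inert and make the line read as if it restricted TLS 1.3. Either drop them or, on nginx 1.19.4+ built against OpenSSL 1.1.1+, set them explicitly with `ssl_conf_command Ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;`. The `DHE-RSA-*` entries likewise only take effect when `ssl_dhparam` is configured, which this hunk does not show. The server block continues outside the hunk, so please confirm the directive is present (2048-bit group or larger) or remove those suites. A one-line comment above `ssl_ciphers` naming the profile this list was taken from would also make later updates easier to audit.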
