File tree Expand file tree Collapse file tree 1 file changed +10
-3
lines changed Expand file tree Collapse file tree 1 file changed +10
-3
lines changed Original file line number Diff line number Diff line change 3535 # Option 2. Slightly better.
3636 # [WARNING] Slower and breaks some IE on mobiles.
3737 #ssl_ecdh_curve secp521r1;
38-
38+
3939 # Option 3. Allow either on modern systems.
4040 # [WARNING] Only for for nginx >= 1.11.0 and openssl >= 1.0.2
4141 #ssl_ecdh_curve secp521r1:secp384r1;
4444 #### Strict Transport Security
4545 # [WARNING] Strict-Transport-Security will stop HTTP access for specified time.
4646 # [OPTION] Include sub-domains with HSTS.
47-
47+
4848 # Option 1. [DEFAULT] Current domain only.
4949 add_header Strict-Transport-Security "max-age=31536000" always;
50-
50+
5151 # Option 2. includeSubDomains
5252 # [WARNING] This will block HTTP access to sub-domains.
5353 #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always
5454
5555
5656 #### Preference & Protocols
5757 ssl_prefer_server_ciphers on;
58+ # [OPTION] Select SSL protocols.
59+
60+ # Option 1. [DEFAULT] TLSv1-1.2
5861 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
5962
63+ # Option 2. Enable TLSv1.3
64+ # [WARNING] Requires Nginx >=1.13.0 && OpenSSL >=1.1.1 built with TLSv1.3
65+ #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
66+
6067
6168 #### Cipher List
6269 # [OPTION] Pick on Cipher List from Below.
You can’t perform that action at this time.
0 commit comments