Skip to content

Commit

Permalink
Merge pull request #595 from sneak/patch-1
Browse files Browse the repository at this point in the history 
Enforce the same TLS settings for all TLS vhosts
  • Loading branch information
@githubsaturn
githubsaturn committed Feb 8, 2020
2 parents d09b6e2 + 0f6cf79 commit 4a18fe0
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions template/root-nginx-conf.ejs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,11 @@
listen 443 ssl;
ssl_certificate <%-fake.crtPath%>;
ssl_certificate_key <%-fake.keyPath%>;

# Mozilla Intermediate configuration. tweak to your needs.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

server_name _;

Expand Down Expand Up @@ -117,6 +122,11 @@
listen 443 ssl;
ssl_certificate <%-registry.crtPath%>;
ssl_certificate_key <%-registry.keyPath%>;
# Mozilla Intermediate configuration. tweak to your needs.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
<%
}
%>
Expand Down

0 comments on commit 4a18fe0

Please sign in to comment.