Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Use modern SSL config for Nginx #1127
Drops TLSv1 and TLSv2.1 and updates the cipher suite.
Based off of h5bp's config: https://github.com/h5bp/server-configs-nginx/blob/611ed7507bc200b81867423f6061fe79b2f606e8/h5bp/ssl/policy_modern.conf Drops TLSv1 and TLSv2.1 and updates the cipher suite. Cipher suite compatibility details: https://cryptcheck.fr/suite/ECDHE+AES:!SHA TLS 1.2 compatibility: https://caniuse.com/#feat=tls1-2 TLS 1.3 compatibility: https://caniuse.com/#feat=tls1-3
Tested on a remote server. Looks good to me.
Question: Are we going to bundle the whole https://github.com/h5bp/server-configs-nginx/tree/28cb47df4227f8b8ae562e3a35e0d663a6593279/h5bp in Trellis?