Skip to content

Commit

Permalink
Make ssl_ciphers match SSL configurator “Modern”
Browse files Browse the repository at this point in the history 
This replaces the ssl_ciphers value with the current value from using “Modern”
at https://mozilla.github.io/server-side-tls/ssl-config-generator/
  • Loading branch information
@sideshowbarker
sideshowbarker committed Sep 5, 2017
1 parent f37c79a commit 03acfb9
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion debian/marquee/nginx/conf/whatwg.conf
View file
Expand Up @@ -7,7 +7,8 @@ ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256 EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !SRP !DSS !MEDIUM !RC4 !CAMELLIA !3DES";

ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

ssl_dhparam /etc/ssl/certs/dhparam.pem;

Expand Down

0 comments on commit 03acfb9

Please sign in to comment.