Skip to content

Commit

Permalink
Adjust protocols and ciphers as per workshop&outreach
Browse files Browse the repository at this point in the history
  • Loading branch information
@pwalczysko
pwalczysko committed Dec 13, 2024
1 parent 4d7c2f6 commit bc96780
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,10 @@ ssl_certificate_key {{ ssl_certificate_key_path }};
# http://nginx.org/en/docs/http/configuring_https_servers.html
ssl_prefer_server_ciphers on;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;


# HTTP Strict Transport Security (HSTS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

Expand Down

0 comments on commit bc96780

Please sign in to comment.