From bc96780d87bcaff321dddd084173238d8dca0bb9 Mon Sep 17 00:00:00 2001
From: pwalczysko
Date: Fri, 13 Dec 2024 15:31:42 +0000
Subject: [PATCH] Adjust protocols and ciphers as per workshop&outreach
---
playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2 | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2 b/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2
index cc323a39..940af0e2 100644
--- a/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2
+++ b/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2
@@ -10,6 +10,10 @@ ssl_certificate_key {{ ssl_certificate_key_path }};
# http://nginx.org/en/docs/http/configuring_https_servers.html
ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+
+
# HTTP Strict Transport Security (HSTS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
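Review bot: The added `ssl_ciphers` list ends with three `DHE-RSA-*` suites, but no `ssl_dhparam` directive appears in this hunk, and nginx from 1.11.0 onwards does not offer DHE ciphers unless one is set. The rest of the template is outside the hunk, so this may already be handled elsewhere. If it is not, either add a line such as `ssl_dhparam <path-to-dhparam.pem>;` (placeholder path) or drop the DHE entries so the list reflects what the server actually negotiates. A short comment above the two new directives would also help, for example `# TLS 1.2+ only; AEAD ciphers with forward secrecy. ssl_ciphers does not affect TLS 1.3 suites.`, along with a note of the source the list was taken from so it can be re-checked when that recommendation changes.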