README.install: change ssl_ciphers.

2021-10-04 00:51:41 +02:00 · 2021-10-04 00:51:41 +02:00 · 3f772a8f81
commit 3f772a8f81
parent 930dfd4867
1 changed files with 1 additions and 1 deletions
--- a/README.install
+++ b/README.install
@ -233,7 +233,7 @@ server {
   # ECDHE better than DHE (faster)  ECDHE & DHE GCM better than CBC (attacks on AES)
   # Everything better than SHA1 (deprecated)
   #
-   ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA';
+   ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256';
   ssl_prefer_server_ciphers on;

   ssl_certificate /var/lib/dehydrated/certs/${FQHN}/fullchain.pem;