Support TLSv1.3, disable TLSv1 TLSv1.1 by default.

Christoph 2020-03-29 12:10:55 +02:00
parent d9bcaa6c7a
commit cb0c7234a1


@ -307,7 +307,10 @@ server {
ssl_session_timeout 10m; ssl_session_timeout 10m;
ssl_session_tickets off; ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # omit SSLv3 because of POODLE #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
# omit SSLv3 because of POODLE
# omit TLSv1 TLSv1.1
ssl_protocols TLSv1.2 TLSv1.3;
# ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES) # ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
# Everything better than SHA1 (deprecated) # Everything better than SHA1 (deprecated)