2018-11-25 19:36:21 +01:00
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
# | SSL policy - Modern |
|
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
# For services that don't need backward compatibility, the parameters
|
|
|
|
# below provide a higher level of security.
|
|
|
|
#
|
|
|
|
# (!) This policy enfore a strong SSL configuration, which may raise
|
|
|
|
# errors with old clients.
|
|
|
|
# If a more compatible profile is required, use intermediate policy.
|
|
|
|
#
|
|
|
|
# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
|
|
|
|
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
|
|
|
|
|
|
|
|
ssl_protocols TLSv1.2;
|
|
|
|
ssl_ciphers EECDH+CHACHA20:EECDH+AES;
|
2018-11-30 08:57:38 +01:00
|
|
|
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
|
2018-11-25 19:36:21 +01:00
|
|
|
ssl_prefer_server_ciphers on;
|