server-configs-nginx/h5bp/ssl/policy_modern.conf

19 lines
794 B
Nginx Configuration File
Raw Normal View History

# ----------------------------------------------------------------------
# | SSL policy - Modern |
# ----------------------------------------------------------------------
# For services that don't need backward compatibility, the parameters
# below provide a higher level of security.
#
# (!) This policy enfore a strong SSL configuration, which may raise
# errors with old clients.
# If a more compatible profile is required, use intermediate policy.
#
# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_prefer_server_ciphers on;