gaja-group
/
server-configs-nginx
mirror of https://github.com/h5bp/server-configs-nginx
2
0
Fork 0
Code Issues Releases Wiki Activity

Set `ssl_prefer_server_ciphers` to `off` (#328) 

Co-authored-by: Léo Colombaro <git@colombaro.fr>
This commit is contained in:
avj 2023-02-24 16:24:52 -05:00 committed by GitHub
parent e4bdb97006
commit 22abda7495
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
h5bp/tls/ssl_engine.conf
View File

@ -25,7 +25,10 @@
# https://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx # https://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
# #
# (5) Basic security improvements # (5) The TLS 1.2 and 1.3 ciphers in use in current policies are not considered
# dangerous. This directive let the client choose the one that best fits their needs.
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers
# https://wiki.mozilla.org/Security/Server_Side_TLS
# (1) # (1)
ssl_session_timeout 24h; ssl_session_timeout 24h;
@ -41,4 +44,4 @@ keepalive_timeout 300s;
ssl_session_tickets off; ssl_session_tickets off;
# (5) # (5)
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers off;