Add new TLS policy 'future' (#211)

This new TLS policy embraces the best security practices and performance characteristics by sacrificing compatibility with older clients.

h5bp/ssl/policy_future.conf

@@ -0,0 +1,45 @@
+# ----------------------------------------------------------------------
+# | SSL policy - Future                                                |
+# ----------------------------------------------------------------------
+
+# For services that want to be on the bleeding edge, the parameters
+# below sacrifice compatibility for the highest level of security & performance
+#
+# (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
+#     to be installed.
+#
+# (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are
+#     subject to replay attacks.
+#
+# (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known to be weak
+#     and potentially vulnerable.
+#
+#     Add them back to the parameter `ssl_ecdh_curve` below to support
+#     Microsoft Edge and Safari.
+#
+#     https://safecurves.cr.yp.to/
+#
+# (2) Enables TLS 1.3 0-RTT, allows for faster resumption of TLS sessions.
+#
+# (!) Requests sent within early data are subject to replay attacks.
+#     To protect against such attacks at the application layer, the
+#     $ssl_early_data variable should be used:
+#       proxy_set_header Early-Data $ssl_early_data;
+#
+#     The application should return response code 425 for anything that
+#     could contain user supplied data.
+#
+#     https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/425
+#
+# https://github.com/certbot/certbot/issues/6367
+# https://github.com/mozilla/server-side-tls/issues/217
+# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers EECDH+CHACHA20:EECDH+AES;
+
+# (1)
+ssl_ecdh_curve X25519;
+
+# (2)
+#ssl_early_data on;