From f0b3fd25ce87a58df9fba4c98f0e05b931427196 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20Colombaro?= Date: Tue, 29 Dec 2020 18:22:16 +0100 Subject: [PATCH] Improve writing [ci skip] --- h5bp/ssl/policy_modern.conf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/h5bp/ssl/policy_modern.conf b/h5bp/ssl/policy_modern.conf index e89cbd4..399fa83 100644 --- a/h5bp/ssl/policy_modern.conf +++ b/h5bp/ssl/policy_modern.conf @@ -5,7 +5,7 @@ # For services that want to be on the bleeding edge, the parameters below # sacrifice compatibility for the highest level of security and performance. # -# (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1 +# (!) TLSv1.3 and its 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1 # to be installed. # # (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are @@ -23,8 +23,9 @@ # # (!) Requests sent within early data are subject to replay attacks. # To protect against such attacks at the application layer, the -# $ssl_early_data variable should be used: -# proxy_set_header Early-Data $ssl_early_data; +# `$ssl_early_data` variable should be used: +# +# proxy_set_header Early-Data $ssl_early_data; # # The application should return response code 425 "Too Early" for anything # that could contain user supplied data.