# ---------------------------------------------------------------------- # | SSL policy - Modern | # ---------------------------------------------------------------------- # For services that want to be on the bleeding edge, the parameters # below sacrifice compatibility for the highest level of security # and performance. # # (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1 # to be installed. # # (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are # subject to replay attacks. # # (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known to be weak # and potentially vulnerable. # # Add them back to the parameter `ssl_ecdh_curve` below to support # Microsoft Edge and Safari. # # https://safecurves.cr.yp.to/ # # (2) Enables TLS 1.3 0-RTT, allows for faster resumption of TLS sessions. # # (!) Requests sent within early data are subject to replay attacks. # To protect against such attacks at the application layer, the # $ssl_early_data variable should be used: # proxy_set_header Early-Data $ssl_early_data; # # The application should return response code 425 for anything that # could contain user supplied data. # # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/425 # # https://github.com/certbot/certbot/issues/6367 # https://github.com/mozilla/server-side-tls/issues/217 # https://nginx.org/en/docs/http/ngx_http_ssl_module.html ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+AES; # (1) ssl_ecdh_curve X25519; # (2) #ssl_early_data on;