Update ssl_options; new ciphers etc (#2)

Update ciphers, update cache to only use TLS

Closes #1

Co-authored-by: dbraeuer@bounty <d.braeuer@heinlein-support.de>
Reviewed-on: #2
Co-authored-by: ahab <obermui@schoeneberge.eu>
Co-committed-by: ahab <obermui@schoeneberge.eu>
This commit is contained in:
ahab 2021-07-20 07:05:11 +00:00 committed by 6543
parent 55ef0e082a
commit 2c52a3e11a

View File

@ -1,9 +1,9 @@
ssl_session_timeout 1d; ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:TLS:1m;
ssl_session_tickets off; ssl_session_tickets off;


ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_ciphers 'EECDH+AESGCM:EECDH+AES256 !aNULL:!MD5';
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_dhparam /etc/ssl/certs/dhparam.pem;