From 76ef061be7be991fb242dea7d410512abd97b32e Mon Sep 17 00:00:00 2001
From: "dbraeuer@bounty" <d.braeuer@heinlein-support.de>
Date: Mon, 19 Jul 2021 19:02:52 +0200
Subject: [PATCH] update ssl_options; new ciphers etc

---
 snippets/ssl_options.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/snippets/ssl_options.conf b/snippets/ssl_options.conf
index ab2ca69..01bb5e4 100644
--- a/snippets/ssl_options.conf
+++ b/snippets/ssl_options.conf
@@ -1,9 +1,9 @@
 ssl_session_timeout 1d;
-ssl_session_cache shared:SSL:50m;
+ssl_session_cache shared:TLS:1m;
 ssl_session_tickets off;
 
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_ciphers 'EECDH+AESGCM:EECDH+AES256 !aNULL:!MD5';
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;
 
-- 
2.47.1