mirror of https://github.com/thib8956/nginx-proxy synced 2025-02-24 09:48:14 +00:00

fix: re-enable TLSv1 and TLSv1.1 on relevant policies

Nicolas Duchon 2024-09-29 00:15:45 +02:00
parent 246da3ff85
commit 3ba0678ce5


@ -436,7 +436,21 @@ log_format vhost {{ $logEscape }} '{{ or $globals.Env.LOG_FORMAT $logFormat }}';
access_log off; access_log off;
{{- template "ssl_policy" (dict "ssl_policy" $globals.ssl_policy) }} {{- /* Lower the SSL policy of the http context
* if at least one vhost use a TLSv1 or TLSv1.1 policy
* so TLSv1 and TLSv1.1 can be enabled on those vhosts
*/}}
{{- $httpContextSslPolicy := $globals.ssl_policy }}
{{- $inUseSslPolicies := groupByKeys $globals.containers "Env.SSL_POLICY" }}
{{- range $tls1Policy := list "AWS-TLS13-1-1-2021-06" "AWS-TLS13-1-0-2021-06" "AWS-FS-1-1-2019-08" "AWS-FS-2018-06" "AWS-TLS-1-1-2017-01" "AWS-2016-08" "AWS-2015-05" "AWS-2015-03" "AWS-2015-02" "Mozilla-Old" }}
{{- if has $tls1Policy $inUseSslPolicies }}
# Using Mozilla-Old SSL policy on the http context to allow TLSv1 and TLSv1.1
{{- $httpContextSslPolicy = "Mozilla-Old" }}
{{- break }}
{{- end }}
{{- end }}
{{- template "ssl_policy" (dict "ssl_policy" $httpContextSslPolicy) }}
error_log /dev/stderr; error_log /dev/stderr;
{{- if $globals.Env.RESOLVERS }} {{- if $globals.Env.RESOLVERS }}
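Review bot: The fallback at `{{- $httpContextSslPolicy = "Mozilla-Old" }}` is global: one container with a legacy `SSL_POLICY` lowers the http-context default for the whole proxy, and it applies the entire Mozilla-Old policy (presumably its cipher list too) rather than only widening the protocol list. The server blocks are outside this hunk, so it is worth confirming that every vhost which did not opt in re-emits its own `ssl_policy`; any that inherits from the http context would also start accepting TLSv1 and TLSv1.1. I would have the generated comment name the trigger so operators can see why the rendered config was lowered, e.g. `# http context lowered to Mozilla-Old because SSL_POLICY={{ $tls1Policy }} is in use`. The hard-coded policy list on the `range` line has to stay in sync with the `ssl_policy` template, and a one-line template comment saying so would help the next person who adds a policy.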