mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-12-25 03:56:31 +00:00
Update doc for mozilla modern profile
This commit is contained in:
parent
ea98780960
commit
56fb58cc6f
@ -238,14 +238,19 @@ and `CERT_NAME=shared` will then use this shared cert.
|
||||
|
||||
#### How SSL Support Works
|
||||
|
||||
The SSL cipher configuration is based on the [Mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
|
||||
The default SSL cipher configuration is based on the [Mozilla intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29) which
|
||||
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
||||
Windows XP IE8, Android 2.3, Java 7. Note that the DES-based TLS ciphers were removed for security.
|
||||
The configuration also enables HSTS, PFS, OCSP stapling and SSL session caches. Currently TLS 1.0, 1.1 and 1.2
|
||||
are supported. TLS 1.0 is deprecated but its end of life is not until June 30, 2018. It is being
|
||||
are supported. TLS 1.0 is deprecated but its end of life is not until June 30, 2018. It is being
|
||||
included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27,
|
||||
IE < 11, Safari < 7, iOS < 5, Android Browser < 5.
|
||||
|
||||
If you don't require backward compatibility, you can use the [Mozilla modern profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility)
|
||||
profile instead by including the environment variable `MODERN_SSL=true` to your container.
|
||||
This profile is compatible with clients back to Firefox 27, Chrome 30, IE 11 on Windows 7,
|
||||
Edge, Opera 17, Safari 9, Android 5.0, and Java 8.
|
||||
|
||||
The default behavior for the proxy when port 80 and 443 are exposed is as follows:
|
||||
|
||||
* If a container has a usable cert, port 80 will redirect to 443 for that container so that HTTPS
|
||||
|
Loading…
Reference in New Issue
Block a user