1
0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-22 11:56:31 +00:00

Update doc for mozilla modern profile

This commit is contained in:
Nicolas Duchon 2017-10-27 10:10:00 +02:00
parent ea98780960
commit 56fb58cc6f

View File

@ -238,7 +238,7 @@ and `CERT_NAME=shared` will then use this shared cert.
#### How SSL Support Works #### How SSL Support Works
The SSL cipher configuration is based on the [Mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which The default SSL cipher configuration is based on the [Mozilla intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29) which
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
Windows XP IE8, Android 2.3, Java 7. Note that the DES-based TLS ciphers were removed for security. Windows XP IE8, Android 2.3, Java 7. Note that the DES-based TLS ciphers were removed for security.
The configuration also enables HSTS, PFS, OCSP stapling and SSL session caches. Currently TLS 1.0, 1.1 and 1.2 The configuration also enables HSTS, PFS, OCSP stapling and SSL session caches. Currently TLS 1.0, 1.1 and 1.2
@ -246,6 +246,11 @@ are supported. TLS 1.0 is deprecated but its end of life is not until June 30,
included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27, included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27,
IE < 11, Safari < 7, iOS < 5, Android Browser < 5. IE < 11, Safari < 7, iOS < 5, Android Browser < 5.
If you don't require backward compatibility, you can use the [Mozilla modern profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility)
profile instead by including the environment variable `MODERN_SSL=true` to your container.
This profile is compatible with clients back to Firefox 27, Chrome 30, IE 11 on Windows 7,
Edge, Opera 17, Safari 9, Android 5.0, and Java 8.
The default behavior for the proxy when port 80 and 443 are exposed is as follows: The default behavior for the proxy when port 80 and 443 are exposed is as follows:
* If a container has a usable cert, port 80 will redirect to 443 for that container so that HTTPS * If a container has a usable cert, port 80 will redirect to 443 for that container so that HTTPS