thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-02-24 09:48:14 +00:00
Code Issues Releases Wiki Activity

docs: warn about TLSv1 / TLSv1.1 being available only on debian

Browse Source
This commit is contained in:
Nicolas Duchon 2024-10-06 16:01:58 +02:00
parent 3ba0678ce5
commit ac0a4ca826
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/README.md
View File

@ -480,6 +480,7 @@ Complete list of policies available through the `SSL_POLICY` environment variabl
<a href="https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility" target="_blank"> <a href="https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility" target="_blank">
<code>Mozilla-Old</code> <code>Mozilla-Old</code>
</a> </a>
(this policy should use a 1024 bits DH key for compatibility but this container provides a 4096 bits key. The <a href="#diffie-hellman-groups">Diffie-Hellman Groups</a> section details different methods of bypassing this, either globally or per virtual-host.)
</li> </li>
</ul> </ul>
</details> </details>
@ -562,7 +563,7 @@ Complete list of policies available through the `SSL_POLICY` environment variabl
</details> </details>
</br> </br>
Note that the `Mozilla-Old` policy should use a 1024 bits DH key for compatibility but this container provides a 4096 bits key. The [Diffie-Hellman Groups](#diffie-hellman-groups) section details different methods of bypassing this, either globally or per virtual-host. :warning: Please note that TLSv1 and TLSv1.1 are only available on the debian based image due to the way OpenSSL is configured on upstream Alpine images.
The default behavior for the proxy when port 80 and 443 are exposed is as follows: The default behavior for the proxy when port 80 and 443 are exposed is as follows: