From c51c9980cf8f36bac521c061e01a5b3cce984196 Mon Sep 17 00:00:00 2001
From: Steve Kamerman <stevekamerman@gmail.com>
Date: Thu, 29 Sep 2016 19:52:20 -0400
Subject: [PATCH] Removed TLS 1.0 as it is considered unsafe and must be
 disabled for PCI compliance

---
 nginx.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx.tmpl b/nginx.tmpl
index b6629f5..626f508 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -143,7 +143,7 @@ server {
 	listen 443 ssl http2 {{ $default_server }};
 	access_log /var/log/nginx/access.log vhost;
 
-	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+	ssl_protocols TLSv1.1 TLSv1.2;
 	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
 
 	ssl_prefer_server_ciphers on;