thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-22 11:56:31 +00:00
Code Issues Releases Wiki Activity

Fix comment about Mozilla Modern Policy and TLS1.3

Browse Source 
Thanks to @deAtog for pointing it out
This commit is contained in:
came88 2019-09-09 12:45:20 +02:00 committed by GitHub
parent 26e764950f
commit eba7d8af77
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nginx.tmpl
View File

@ -25,7 +25,8 @@
{{ define "ssl_policy" }} {{ define "ssl_policy" }}
{{ if eq .ssl_policy "Mozilla-Modern" }} {{ if eq .ssl_policy "Mozilla-Modern" }}
ssl_protocols TLSv1.3; ssl_protocols TLSv1.3;
{{/* ssl_ciphers is undefined in the Mozilla-Modern policy /*}} {{/* nginx currently lacks ability to choose ciphers in TLS 1.3 in configuration, see https://trac.nginx.org/nginx/ticket/1529 /*}}
{{/* a possible workaround can be modify /etc/ssl/openssl.cnf to change it globally (see https://trac.nginx.org/nginx/ticket/1529#comment:12 ) /*}}
{{/* explicitly set ngnix default value in order to allow single servers to override the global http value */}} {{/* explicitly set ngnix default value in order to allow single servers to override the global http value */}}
ssl_ciphers HIGH:!aNULL:!MD5; ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;