mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-11-22 03:46:29 +00:00
Fix comment about Mozilla Modern Policy and TLS1.3
Thanks to @deAtog for pointing it out
This commit is contained in:
parent
26e764950f
commit
eba7d8af77
@ -25,7 +25,8 @@
|
|||||||
{{ define "ssl_policy" }}
|
{{ define "ssl_policy" }}
|
||||||
{{ if eq .ssl_policy "Mozilla-Modern" }}
|
{{ if eq .ssl_policy "Mozilla-Modern" }}
|
||||||
ssl_protocols TLSv1.3;
|
ssl_protocols TLSv1.3;
|
||||||
{{/* ssl_ciphers is undefined in the Mozilla-Modern policy /*}}
|
{{/* nginx currently lacks ability to choose ciphers in TLS 1.3 in configuration, see https://trac.nginx.org/nginx/ticket/1529 /*}}
|
||||||
|
{{/* a possible workaround can be modify /etc/ssl/openssl.cnf to change it globally (see https://trac.nginx.org/nginx/ticket/1529#comment:12 ) /*}}
|
||||||
{{/* explicitly set ngnix default value in order to allow single servers to override the global http value */}}
|
{{/* explicitly set ngnix default value in order to allow single servers to override the global http value */}}
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_prefer_server_ciphers off;
|
ssl_prefer_server_ciphers off;
|
||||||
|
Loading…
Reference in New Issue
Block a user