1
0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-22 03:46:29 +00:00

Fix comment about Mozilla Modern Policy and TLS1.3

Thanks to @deAtog for pointing it out
This commit is contained in:
came88 2019-09-09 12:45:20 +02:00 committed by GitHub
parent 26e764950f
commit eba7d8af77
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -25,7 +25,8 @@
{{ define "ssl_policy" }} {{ define "ssl_policy" }}
{{ if eq .ssl_policy "Mozilla-Modern" }} {{ if eq .ssl_policy "Mozilla-Modern" }}
ssl_protocols TLSv1.3; ssl_protocols TLSv1.3;
{{/* ssl_ciphers is undefined in the Mozilla-Modern policy /*}} {{/* nginx currently lacks ability to choose ciphers in TLS 1.3 in configuration, see https://trac.nginx.org/nginx/ticket/1529 /*}}
{{/* a possible workaround can be modify /etc/ssl/openssl.cnf to change it globally (see https://trac.nginx.org/nginx/ticket/1529#comment:12 ) /*}}
{{/* explicitly set ngnix default value in order to allow single servers to override the global http value */}} {{/* explicitly set ngnix default value in order to allow single servers to override the global http value */}}
ssl_ciphers HIGH:!aNULL:!MD5; ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;