|
|
@@ -37,8 +37,8 @@ http {
|
|
|
##
|
|
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
- ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3/TLSv1, ref: POODLE
|
|
|
- ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
|
|
|
+ ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
|
|
ssl_dhparam /etc/ssl/dhparam.pem;
|
|
|
ssl_ecdh_curve secp384r1;
|
|
|
ssl_session_cache shared:SSL:10m;
|
