Updated default TLS and ecdh curve; (#69)

Added TLS 1.3 to the defaults and added prime256 to ecdh curve selection

Reviewed-on: #69
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Co-committed-by: muppeth <muppeth@disroot.org>
muppeth 2024-07-29 08:35:39 +02:00 committed by muppeth
parent 85634f409e
commit 1c8f115983


@ -62,9 +62,9 @@ nginx_selfsigned_deps:
nginx_gen_dh: 'false'
nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
nginx_dh_length: 4096
nginx_ssl_protocols: 'TLSv1.2'
nginx_ssl_protocols: 'TLSv1.2 TLSv1.3'
nginx_ssl_ciphers: 'EECDH+AESGCM:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305'
nginx_ssl_ecdh_curve: 'secp384r1'
nginx_ssl_ecdh_curve: 'prime256v1:secp384r1'
letsencrypt_webroot_path: ''
install_letsencrypt: 'false'
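Review bot: The new `nginx_ssl_protocols` default enables TLS 1.3, but the `nginx_ssl_ciphers` value on the next line only constrains TLS 1.2, because nginx's `ssl_ciphers` directive does not select TLS 1.3 suites (assuming the template, not visible here, maps these variables to the same-named directives). Both new defaults also raise the minimum stack: per the nginx documentation, `TLSv1.3` needs nginx 1.13.0 with OpenSSL 1.1.1, and a multi-curve `ssl_ecdh_curve` needs nginx 1.11.0 with OpenSSL 1.0.2. OpenSSL reads the curve list as preference-ordered, so `prime256v1` is now listed ahead of `secp384r1`; if the larger curve should stay preferred wherever the server's order applies, swap the two. I would add comments above the two variables, such as `# TLSv1.3 needs nginx >= 1.13.0 + OpenSSL >= 1.1.1; nginx_ssl_ciphers applies to TLS <= 1.2 only` and `# curves in preference order; a list needs nginx >= 1.11.0 + OpenSSL >= 1.0.2`. The hunk header counts nine lines per side, so one context line of this hunk appears to be missing from the rendered view.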