Updated default TLS and ecdh curve; (#69)
Added TLS 1.3 to the defaults and added prime256 to ecdh curve selection Reviewed-on: #69 Reviewed-by: meaz <meaz@no-reply@disroot.org> Co-authored-by: muppeth <muppeth@disroot.org> Co-committed-by: muppeth <muppeth@disroot.org>
This commit is contained in:
parent
85634f409e
commit
1c8f115983
1 changed files with 2 additions and 2 deletions
|
@ -62,9 +62,9 @@ nginx_selfsigned_deps:
|
|||
nginx_gen_dh: 'false'
|
||||
nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
|
||||
nginx_dh_length: 4096
|
||||
nginx_ssl_protocols: 'TLSv1.2'
|
||||
nginx_ssl_protocols: 'TLSv1.2 TLSv1.3'
|
||||
nginx_ssl_ciphers: 'EECDH+AESGCM:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305'
|
||||
nginx_ssl_ecdh_curve: 'secp384r1'
|
||||
nginx_ssl_ecdh_curve: 'prime256v1:secp384r1'
|
||||
|
||||
letsencrypt_webroot_path: ''
|
||||
install_letsencrypt: 'false'
|
||||
|
|
Loading…
Reference in a new issue