updated default TLS and scdh curve;

2024-07-29 06:33:09 +02:00 · 2024-07-29 06:33:09 +02:00 · 3ea11e984b
commit 3ea11e984b
parent 85634f409e
1 changed files with 2 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -62,9 +62,9 @@ nginx_selfsigned_deps:
 nginx_gen_dh: 'false'
 nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
 nginx_dh_length: 4096
-nginx_ssl_protocols: 'TLSv1.2'
+nginx_ssl_protocols: 'TLSv1.2 TLSv1.3'
 nginx_ssl_ciphers: 'EECDH+AESGCM:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305'
-nginx_ssl_ecdh_curve: 'secp384r1'
+nginx_ssl_ecdh_curve: 'prime256v1:secp384r1'

 letsencrypt_webroot_path: ''
 install_letsencrypt: 'false'