Add directive ssl_prefer_server_ciphers (#143)
This commit is contained in:
parent
e3902b6cb2
commit
c730f522f1
@ -380,6 +380,7 @@ nginx_http_template:
|
|||||||
dhparam: /etc/ssl/private/dh_param.pem
|
dhparam: /etc/ssl/private/dh_param.pem
|
||||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||||
ciphers: HIGH:!aNULL:!MD5
|
ciphers: HIGH:!aNULL:!MD5
|
||||||
|
prefer_server_ciphers: true
|
||||||
session_cache: none
|
session_cache: none
|
||||||
session_timeout: 5m
|
session_timeout: 5m
|
||||||
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
|
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
|
||||||
|
@ -192,6 +192,7 @@ nginx_http_template:
|
|||||||
dhparam: /etc/ssl/private/dh_param.pem
|
dhparam: /etc/ssl/private/dh_param.pem
|
||||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||||
ciphers: HIGH:!aNULL:!MD5
|
ciphers: HIGH:!aNULL:!MD5
|
||||||
|
prefer_server_ciphers: true
|
||||||
session_cache: none
|
session_cache: none
|
||||||
session_timeout: 5m
|
session_timeout: 5m
|
||||||
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
|
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
|
||||||
|
@ -66,6 +66,9 @@ server {
|
|||||||
{% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %}
|
{% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %}
|
||||||
ssl_ciphers {{ item.value.ssl.ciphers }};
|
ssl_ciphers {{ item.value.ssl.ciphers }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if item.value.ssl.prefer_server_ciphers is defined and item.value.ssl.prefer_server_ciphers %}
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
{% endif %}
|
||||||
{% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %}
|
{% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %}
|
||||||
ssl_session_cache {{ item.value.ssl.session_cache }};
|
ssl_session_cache {{ item.value.ssl.session_cache }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
Loading…
Reference in New Issue
Block a user