Skip to content

Commit

Permalink
Deprecate TLS v1.1, change ciphers
Browse files Browse the repository at this point in the history
  • Loading branch information
hweawer committed Dec 13, 2024
1 parent 1f6f59c commit 761014d
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions nginx/config/base.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
Expand Down Expand Up @@ -73,9 +73,9 @@ http {
ssl_verify_client on;
ssl_client_certificate {{.ssl_client_certificate}};
{{end}}
ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5@SECLEVEL=1;
ssl_ciphers ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5:!SHA1:!aNULL:!eNULL@SECLEVEL=1;
##
# Logging Settings
Expand Down

0 comments on commit 761014d

Please sign in to comment.