From 135ca37e3f3c7aa393c875b89ca921557f3e8f49 Mon Sep 17 00:00:00 2001
From: malmor <62105800+malmor@users.noreply.github.com>
Date: Fri, 26 May 2023 04:29:54 +0200
Subject: [PATCH] Add support for TLSv1.3 in nginx configurations (#18659)
Signed-off-by: malmor <62105800+malmor@users.noreply.github.com>
Co-authored-by: MinerYang
---
 make/photon/prepare/templates/nginx/nginx.https.conf.jinja | 2 +-
 make/photon/prepare/templates/portal/nginx.conf.jinja | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
index 6573d3204..57197d434 100644
--- a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
+++ b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
@@ -58,7 +58,7 @@ http {
 ssl_certificate_key {{ssl_cert_key}};
 # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
- ssl_protocols TLSv1.2;
+ ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;
diff --git a/make/photon/prepare/templates/portal/nginx.conf.jinja b/make/photon/prepare/templates/portal/nginx.conf.jinja
index 140a49b1f..7f250a315 100644
--- a/make/photon/prepare/templates/portal/nginx.conf.jinja
+++ b/make/photon/prepare/templates/portal/nginx.conf.jinja
@@ -22,7 +22,7 @@ http {
 ssl_certificate_key /etc/harbor/tls/portal.key;
 # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
- ssl_protocols TLSv1.2;
+ ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;
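Review bot: The `ssl_ciphers` list on the line after the changed `ssl_protocols` in nginx.https.conf.jinja only constrains TLS 1.2 and below when nginx is built on OpenSSL, so with TLSv1.3 enabled the 1.3 suites come from the library defaults and not from this list; a comment should say so, e.g. `# ssl_ciphers applies to TLSv1.2 only; TLSv1.3 suites follow the OpenSSL defaults`. If a restricted TLS 1.3 set is ever required, nginx 1.19.4 and later can set it with `ssl_conf_command Ciphersuites ...`. The TLSv1.3 parameter also takes effect only when nginx is linked against OpenSSL 1.1.1 or newer, which the template cannot show, so it is worth confirming against the nginx build shipped in the image. The same points apply to the identical hunk in make/photon/prepare/templates/portal/nginx.conf.jinja; the `http {` block starts and ends outside both hunks.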