Upstream
/
harbor
mirror of https://github.com/goharbor/harbor.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

add strong_ssl_ciphers for nginx https jinja template (#18748) 

Signed-off-by: yminer <yminer@vmware.com>
This commit is contained in:
MinerYang 2023-05-29 21:57:15 +08:00 committed by GitHub
parent 04833d2daf
commit 14192dfb06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
make/photon/prepare/templates/nginx/nginx.https.conf.jinja
View File

@ -59,7 +59,11 @@ http {
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.2 TLSv1.3;
{% if internal_tls.strong_ssl_ciphers %}
ssl_ciphers ECDHE+AESGCM:DHE+AESGCM:ECDHE+RSA+SHA256:DHE+RSA+SHA256:!AES128;
{% else %}
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
{% endif %}
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;