Remove tls1.1 in notary

Signed-off-by: DQ <dengq@vmware.com>
This commit is contained in:
DQ 2020-05-26 16:11:57 +08:00
parent c10c04c5f7
commit 715685ae51

View File

@ -6,7 +6,7 @@
ssl_certificate_key {{ssl_cert_key}};
# recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
ssl_protocols tlsv1.1 tlsv1.2;
ssl_protocols tlsv1.2;
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:ssl:10m;