nginx: Remove TLSv1.1 support

Signed-off-by: Jakub Onderka <jakub.onderka@gmail.com>
This commit is contained in:
Jakub Onderka 2019-08-07 17:44:43 +02:00 committed by Jakub Onderka
parent f3ba25f656
commit 8f83310022

View File

@ -39,7 +39,7 @@ http {
ssl_certificate_key {{ssl_cert_key}};
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2;
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;