Skip to content
Snippets Groups Projects
Commit 8b87dc19 authored by MichiK's avatar MichiK
Browse files

Improve Nginx HTTPS configuration with better ciphers and TLS 1.3

parent fc442965
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
roles/nginx-https/defaults/main.yml
+ 2
2
View file @ 8b87dc19
nginx_ssl_protocols: "TLSv1.2"
nginx_ssl_ciphers: "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256"
nginx_ssl_protocols: "TLSv1.3 TLSv1.2"
nginx_ssl_ciphers: "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256"
nginx_ssl_dhparam: "/etc/ssl/certs/dh4096.pem"
nginx_ssl_dhparam_bits: 4096
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment