Update Certbot Nginx SSL options
parent
71b98452bb
commit
5d3d0c380d
|
@ -4,10 +4,11 @@
|
|||
# the up-to-date file that you will need to refer to when manually updating
|
||||
# this file.
|
||||
|
||||
ssl_session_cache shared:le_nginx_SSL:1m;
|
||||
ssl_session_cache shared:le_nginx_SSL:10m;
|
||||
ssl_session_timeout 1440m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_ciphers "{{ common__certbot__nginx_ssl_ciphers | join(':') }}";
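Review bot: The `ssl_protocols TLSv1.2 TLSv1.3;` line assumes every host this role targets runs an nginx that accepts the `TLSv1.3` parameter (added in nginx 1.13.0, and only effective when built against OpenSSL 1.1.1 or later); an older nginx rejects the value and the configuration fails to load. The page does not show which distributions the role supports, so this may already hold, but a comment above the directive would record the requirement: `# Requires nginx >= 1.13.0 with OpenSSL >= 1.1.1; TLSv1 and TLSv1.1 are intentionally disabled.` With `ssl_prefer_server_ciphers off;` the order of `common__certbot__nginx_ssl_ciphers` no longer decides the negotiated suite, so the list must contain only suites that are acceptable whichever one a client picks.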
|
||||
|
|
|
@ -21,34 +21,11 @@ common__apache__enabled_dir: '{{ common__apache__conf_dir }}/sites-enabled'
|
|||
common__apache__snippets_dir: '{{ common__apache__conf_dir }}/snippets'
|
||||
|
||||
common__certbot__nginx_ssl_ciphers:
|
||||
- 'ECDHE-ECDSA-CHACHA20-POLY1305'
|
||||
- 'ECDHE-RSA-CHACHA20-POLY1305'
|
||||
- 'ECDHE-ECDSA-AES128-GCM-SHA256'
|
||||
- 'ECDHE-RSA-AES128-GCM-SHA256'
|
||||
- 'ECDHE-ECDSA-AES256-GCM-SHA384'
|
||||
- 'ECDHE-RSA-AES256-GCM-SHA384'
|
||||
- 'ECDHE-ECDSA-CHACHA20-POLY1305'
|
||||
- 'ECDHE-RSA-CHACHA20-POLY1305'
|
||||
- 'DHE-RSA-AES128-GCM-SHA256'
|
||||
- 'DHE-RSA-AES256-GCM-SHA384'
|
||||
- 'ECDHE-ECDSA-AES128-SHA256'
|
||||
- 'ECDHE-RSA-AES128-SHA256'
|
||||
- 'ECDHE-ECDSA-AES128-SHA'
|
||||
- 'ECDHE-RSA-AES256-SHA384'
|
||||
- 'ECDHE-RSA-AES128-SHA'
|
||||
- 'ECDHE-ECDSA-AES256-SHA384'
|
||||
- 'ECDHE-ECDSA-AES256-SHA'
|
||||
- 'ECDHE-RSA-AES256-SHA'
|
||||
- 'DHE-RSA-AES128-SHA256'
|
||||
- 'DHE-RSA-AES128-SHA'
|
||||
- 'DHE-RSA-AES256-SHA256'
|
||||
- 'DHE-RSA-AES256-SHA'
|
||||
- 'ECDHE-ECDSA-DES-CBC3-SHA'
|
||||
- 'ECDHE-RSA-DES-CBC3-SHA'
|
||||
- 'EDH-RSA-DES-CBC3-SHA'
|
||||
- 'AES128-GCM-SHA256'
|
||||
- 'AES256-GCM-SHA384'
|
||||
- 'AES128-SHA256'
|
||||
- 'AES256-SHA256'
|
||||
- 'AES128-SHA'
|
||||
- 'AES256-SHA'
|
||||
- 'DES-CBC3-SHA'
|
||||
- '!DSS'
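Review bot: The list still carries `DHE-RSA-AES128-GCM-SHA256` and `DHE-RSA-AES256-GCM-SHA384`, but the template hunk that consumes this variable shows no `ssl_dhparam` directive. nginx 1.11.0 and later does not offer DHE suites unless `ssl_dhparam` is set, so unless the server blocks set it elsewhere (Certbot's installer normally does) those two entries are inert. Either confirm that a dhparam file of at least 2048 bits is configured, or drop the two DHE entries so the variable matches what the server actually negotiates. Going by the hunk counts (34 old lines, 11 new), the CBC, 3DES and static-RSA suites appear to be the removed side. A comment above the variable such as `# AEAD, forward-secret suites only; keep in sync with Certbot's upstream options-ssl-nginx.conf` would help the next manual update.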
|
||||
|
|