diff --git a/Nginx/nginx.conf b/Nginx/nginx.conf index 6aba0f5..525d11f 100644 --- a/Nginx/nginx.conf +++ b/Nginx/nginx.conf @@ -36,12 +36,12 @@ http { # SSL Settings ## - ssl_protocols TLSv1.3; - #ssl_prefer_server_ciphers on; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; ssl_stapling on; #ssl_stapling_verify on; ssl_session_cache shared:SSL:10m; - #ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_dhparam /etc/nginx/dhparam.pem; ssl_ecdh_curve X25519:prime256v1:secp384r1;