rollback TLS reqs

2024-12-10 19:26:43 -05:00 · 2024-12-10 19:26:43 -05:00 · d31607d7b8
parent bb7f5912af
commit d31607d7b8
1 changed files with 3 additions and 3 deletions
--- a/Nginx/nginx.conf
+++ b/Nginx/nginx.conf
@ -36,12 +36,12 @@ http {
        # SSL Settings
        ##

-        ssl_protocols TLSv1.3;
-        ssl_prefer_server_ciphers off;
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
        ssl_stapling on;
        #ssl_stapling_verify on;
        ssl_session_cache shared:SSL:10m;
-        #ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_dhparam /etc/nginx/dhparam.pem;
        ssl_ecdh_curve X25519:prime256v1:secp384r1;