Skip to content

Commit

Permalink
Merge pull request #470 from ksaadDE/patch-2
Browse files Browse the repository at this point in the history 
Add TLSv1.3 to nginx default configuration
  • Loading branch information
@schurzi
schurzi authored Nov 15, 2021
2 parents 0c84037 + 96d6b47 commit b0393a1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion roles/nginx_hardening/defaults/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ nginx_add_header: [

nginx_set_cookie_flag: "* HttpOnly secure"
nginx_ssl_prefer_server_ciphers: "on"
nginx_ssl_protocols: "TLSv1.2"
nginx_ssl_protocols: "TLSv1.2 TLSv1.3"
nginx_ssl_ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
nginx_ssl_session_tickets: "off"
nginx_dh_size: "2048"

0 comments on commit b0393a1

Please sign in to comment.