summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'ansible/roles/nginx/files/tls/ssl_ciphers_intermediate')
-rw-r--r--ansible/roles/nginx/files/tls/ssl_ciphers_intermediate10
1 files changed, 10 insertions, 0 deletions
diff --git a/ansible/roles/nginx/files/tls/ssl_ciphers_intermediate b/ansible/roles/nginx/files/tls/ssl_ciphers_intermediate
new file mode 100644
index 0000000..bc79954
--- /dev/null
+++ b/ansible/roles/nginx/files/tls/ssl_ciphers_intermediate
@@ -0,0 +1,10 @@
1# From https://mozilla.github.io/server-side-tls/ssl-config-generator/
2# as of 2018-07-12
3
4# No TLSv1.3 support yet!
5
6ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
7ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
8
9# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
10ssl_dhparam /etc/ssl/ffdhe2048.pem;
Powered by cgit v1.2.3 (git 2.41.0)