1 files changed, 7 insertions, 0 deletions
diff --git a/ansible/roles/nginx/files/tls/ssl_ciphers_tls13 b/ansible/roles/nginx/files/tls/ssl_ciphers_tls13
new file mode 100644
index 0000000..db04c36
--- /dev/null
+++ b/ansible/roles/nginx/files/tls/ssl_ciphers_tls13
@@ -0,0 +1,7 @@
+# From https://github.com/cloudflare/sslconfig/blob/796bc5ac7224f1e540394d792323ccafa86aaeea/conf
+# nginx >= 1.11.0 (2016-05-24) created the 'ssl_ecdh_curve' parameter
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ssl_ecdh_curve X25519:P-256:P-384:P-224:P-521;
+ssl_ciphers '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES';

diff --git a/ansible/roles/nginx/files/tls/ssl_ciphers_tls13 b/ansible/roles/nginx/files/tls/ssl_ciphers_tls13 new file mode 100644 index 0000000..db04c36 --- /dev/null +++ b/ansible/roles/nginx/files/tls/ssl_ciphers_tls13
@@ -0,0 +1,7 @@
	1	# From https://github.com/cloudflare/sslconfig/blob/796bc5ac7224f1e540394d792323ccafa86aaeea/conf
	2
	3	# nginx >= 1.11.0 (2016-05-24) created the 'ssl_ecdh_curve' parameter
	4
	5	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	6	ssl_ecdh_curve X25519:P-256:P-384:P-224:P-521;
	7	ssl_ciphers '[ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305\|ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES';