diff options
| author | Wayne Witzel III <wayne@riotousliving.com> | 2016-12-09 17:01:48 +0100 |
|---|---|---|
| committer | Wayne Witzel III <wayne@riotousliving.com> | 2016-12-12 18:42:56 +0100 |
| commit | fafec3a0e3359cafce2631389179fb4e9ed9407c (patch) | |
| tree | f047fb68ab15dfe2a6d5e520b81ac78e46c6e7a8 /config | |
| parent | Update to use Modern values for SSL (diff) | |
| download | awx-fafec3a0e3359cafce2631389179fb4e9ed9407c.tar.xz awx-fafec3a0e3359cafce2631389179fb4e9ed9407c.zip | |
Update to use Modern values for SSL
Diffstat (limited to 'config')
| -rw-r--r-- | config/awx-nginx.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/config/awx-nginx.conf b/config/awx-nginx.conf index a14dd036cf..eefb763834 100644 --- a/config/awx-nginx.conf +++ b/config/awx-nginx.conf @@ -54,8 +54,8 @@ http { ssl_session_tickets off; # intermediate configuration - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; + ssl_protocols TLSv1.2; + ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) |