Skip to content

Commit

Permalink
Add support for TLSv1.3 in nginx configurations
Browse files Browse the repository at this point in the history
Signed-off-by: malmor <[email protected]>
  • Loading branch information
malmor committed May 9, 2023
1 parent 2203831 commit 44f9b2b
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion make/photon/prepare/templates/nginx/nginx.https.conf.jinja
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ http {
ssl_certificate_key {{ssl_cert_key}};

# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
ssl_certificate_key {{ssl_cert_key}};

# recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
ssl_protocols tlsv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:ssl:10m;
Expand Down
2 changes: 1 addition & 1 deletion make/photon/prepare/templates/portal/nginx.conf.jinja
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ http {
ssl_certificate_key /etc/harbor/tls/portal.key;

# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
Expand Down

0 comments on commit 44f9b2b

Please sign in to comment.