From cfccc2acc03a5c849a731337a1d7b98294273fff Mon Sep 17 00:00:00 2001 From: Manuel Alejandro de Brito Fontes Date: Thu, 5 Dec 2019 19:34:53 -0300 Subject: [PATCH] Update default SSL ciphers --- internal/ingress/controller/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 22e319ff12..717a916243 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -66,7 +66,7 @@ const ( // Enabled ciphers list to enabled. The ciphers are specified in the format understood by the OpenSSL library // http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers - sslCiphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" + sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" // SSL enabled protocols to use // http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols