From b5e08314abcc62e0823dd3d30507173d2e45289a Mon Sep 17 00:00:00 2001
From: Paweł Dybiec
Date: Thu, 23 May 2019 21:52:18 +0200
Subject: Set strong cipher and ssl protocols
---
 compose/nginx/nginx.conf | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'compose/nginx')
diff --git a/compose/nginx/nginx.conf b/compose/nginx/nginx.conf
index fc640c2..4e9d7fd 100644
--- a/compose/nginx/nginx.conf
+++ b/compose/nginx/nginx.conf
@@ -22,6 +22,15 @@ http {
 ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_timeout 5m;
+
+ ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384;
+
+
 sendfile on;
 tcp_nopush on;
-- cgit 1.4.1
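Review bot: The last two entries of the new `ssl_ciphers` list, `ECDHE-ECDSA-AES256-SHA384` and `ECDHE-RSA-AES256-SHA384`, are CBC-mode suites, so the list is not AEAD-only as the commit title suggests; unless a legacy client needs them, ending the list at `ECDHE-RSA-CHACHA20-POLY1305` leaves only GCM and ChaCha20-Poly1305 for TLS 1.2. A comment above the directive would also help the next maintainer, e.g. `# TLS 1.2 suites only; ssl_ciphers does not select the TLS 1.3 suites, which OpenSSL configures separately`. The hunk adds a shared session cache but leaves session tickets at their default, so if forward secrecy across long-lived workers matters here, consider `ssl_session_tickets off;` next to `ssl_session_cache`. The enclosing `http` block starts and ends outside the hunk, so whether a `server` block overrides any of these directives cannot be seen from here.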