roles/nginx: add nginx ssl_ecdh_curve
This seems to be new since I last looked at the Mozilla server-side SSL configurator.
This commit is contained in:
parent
99866c0c90
commit
4bae942585
GPG Key ID:
0FB860CC9C45B1B9
@ -14,6 +14,7 @@ nginx_ssl_session_cache: shared:SSL:10m
|
||||
nginx_ssl_buffer_size: 4k
|
||||
nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
|
||||
nginx_ssl_protocols: TLSv1.2 TLSv1.3
|
||||
nginx_ssl_ecdh_curve: X25519:prime256v1:secp384r1
|
||||
|
||||
# DNS resolvers for OCSP stapling (default to Cloudflare public DNS)
|
||||
# See: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
|
||||
|
||||
@ -27,6 +27,7 @@
|
||||
|
||||
ssl_dhparam {{ nginx_ssl_dhparam }};
|
||||
ssl_protocols {{ nginx_ssl_protocols }};
|
||||
ssl_ecdh_curve {{ nginx_ssl_ecdh_curve }};
|
||||
ssl_ciphers "{{ tls_cipher_suite }}";
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user