roles/nginx: add nginx ssl_ecdh_curve

This seems to be new since I last looked at the Mozilla server-side
SSL configurator.
This commit is contained in:
Alan Orth 2025-03-29 22:31:32 +03:00
parent 99866c0c90
commit 4bae942585
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
2 changed files with 2 additions and 0 deletions

View File

@ -14,6 +14,7 @@ nginx_ssl_session_cache: shared:SSL:10m
nginx_ssl_buffer_size: 4k
nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
nginx_ssl_protocols: TLSv1.2 TLSv1.3
nginx_ssl_ecdh_curve: X25519:prime256v1:secp384r1
# DNS resolvers for OCSP stapling (default to Cloudflare public DNS)
# See: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling

View File

@ -27,6 +27,7 @@
ssl_dhparam {{ nginx_ssl_dhparam }};
ssl_protocols {{ nginx_ssl_protocols }};
ssl_ecdh_curve {{ nginx_ssl_ecdh_curve }};
ssl_ciphers "{{ tls_cipher_suite }}";
ssl_prefer_server_ciphers on;