roles/nginx: add nginx ssl_ecdh_curve

This seems to be new since I last looked at the Mozilla server-side SSL configurator.
2025-03-29 22:31:32 +03:00
parent 99866c0c90
commit 4bae942585
2 changed files with 2 additions and 0 deletions
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@ -14,6 +14,7 @@ nginx_ssl_session_cache: shared:SSL:10m
 nginx_ssl_buffer_size: 4k
 nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
 nginx_ssl_protocols: TLSv1.2 TLSv1.3
+nginx_ssl_ecdh_curve: X25519:prime256v1:secp384r1

 # DNS resolvers for OCSP stapling (default to Cloudflare public DNS)
 # See: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling