Alan Orth
81a98596e3
From looking at the list of clients who would be allowed to connect when using the "modern" spec, I think I'd be doing more harm than good to use that config right now... https://www.ssllabs.com/ssltest/analyze.html?d=alaninkenya.org https://wiki.mozilla.org/Security/Server_Side_TLS Signed-off-by: Alan Orth <alan.orth@gmail.com>
17 lines
309 B
YAML
17 lines
309 B
YAML
---
|
|
# file: roles/nginx/defaults/main.yml
|
|
|
|
# path config
|
|
nginx_confd_path: /etc/nginx/conf.d
|
|
|
|
# parent directory of vhost roots
|
|
nginx_root_prefix: /var/www
|
|
|
|
# TLS protocol versions to support
|
|
nginx_tls_protocols: TLSv1 TLSv1.1 TLSv1.2
|
|
|
|
# TLS key directory
|
|
tls_key_dir: /etc/ssl/private
|
|
|
|
# vim: set ts=2 sw=2:
|