nginx_hooks.toml: updates

* update author in Copyright * update ssl_ciphers (as Rudolphe suggested) Signed-off-by: Ralf Zerres <ralf.zerres@networkx.de>
5 years ago · 5d7bab53aa
1 changed files with 2 additions and 3 deletions
--- a/acmed/config/nginx_hooks.toml
+++ b/acmed/config/nginx_hooks.toml
@ -1,4 +1,4 @@
-# Copyright (c) 2021 Rodolphe Bréard <rodolphe@breard.tf>
+# Copyright (c) 2021 Ralf Zerres <ralf.zerres@networkx.de>
 #
 # Copying and distribution of this file, with or without modification,
 # are permitted in any medium without royalty provided the copyright
@ -105,8 +105,7 @@ ssl_session_tickets off;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers off;

-ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-PO
-LY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+ssl_ciphers 'HIGH:!eNULL:!LOW:!MEDIUM:!EXP:!RC4:!3DES:!MD5:!SHA1:!SHA256:!SHA384:!PSK:!kRSA:!SRP:-DH:+ECDH';
 """
 stdout = "{{#if env.NGINX_CONFDIR}}{{env.NGINX_CONFDIR}}{{else}}/etc/nginx/conf.d{{/if}}/{{#if env.NGINX_TLS_CERTIFICATE}}{{env.NGINX_TLS_CERTIFICATE}}{{else}}002-tls-certificates.conf{{/if}}"
 allow_failure = true