From 8bf84cd76538723661d67162e7fc35833371e3a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ky=C3=A2ne=20Pichou?= <kyane@kyane.fr>
Date: Sun, 11 Mar 2018 20:23:55 +0100
Subject: [PATCH] Improve TLS security (#243)

Closes #242
---
 web/mattermost-ssl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/mattermost-ssl b/web/mattermost-ssl
index 89d48aa..46acf04 100644
--- a/web/mattermost-ssl
+++ b/web/mattermost-ssl
@@ -16,8 +16,8 @@ server {
     ssl_certificate /cert/cert.pem;
     ssl_certificate_key /cert/key-no-password.pem;
     ssl_session_timeout 5m;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH;
+    ssl_protocols TLSv1.1 TLSv1.2;
+    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA;
     ssl_prefer_server_ciphers on;
 
     location ~ /api/v[0-9]+/(users/)?websocket$ {