Gnous/mattermost
Archived
2
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

Update SSL ciphers and TLS versions in nginx config file (#501)

Browse Source
This commit is contained in:
Simon Staszkiewicz 2020-11-03 09:12:21 +00:00 committed by GitHub
parent 124a8ba340
commit c8b5a40f99
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
web/mattermost-ssl Normal file → Executable file
View File

@ -15,9 +15,11 @@ server {
ssl_certificate /cert/cert.pem; ssl_certificate /cert/cert.pem;
ssl_certificate_key /cert/key-no-password.pem; ssl_certificate_key /cert/key-no-password.pem;
ssl_session_timeout 5m; ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH; # Please update the ciphers in this file every 6 months.
ssl_prefer_server_ciphers on; # https://ssl-config.mozilla.org/
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
location ~ /api/v[0-9]+/(users/)?websocket$ { location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;