Browse code

[nginx]disable-tls1.0and1.1

Manuel Guilley authored on 03/05/2018 06:58:16
Showing 1 changed files
... ...
@@ -48,7 +48,7 @@ server {
48 48
   ssl_session_timeout  5m;
49 49
   # use bettercrypto.org recommanded settings
50 50
   ssl_prefer_server_ciphers on;
51
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
51
+  ssl_protocols TLSv1.2;
52 52
   ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
53 53
   ssl_dhparam /etc/nginx/bm_dhparam.pem;
54 54