summaryrefslogtreecommitdiff
path: root/custom
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2016-01-24 14:13:18 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2016-01-24 14:13:18 +0100
commitad3aa5365577c3f25ccc81ae5a0fd94c0d68e71f (patch)
treed34ed8b23c7bb48b3b835039e0ea644d0af5352f /custom
parent60fd55bbeea060640fde6834f7488544a58a6f27 (diff)
downloadnixos-ad3aa5365577c3f25ccc81ae5a0fd94c0d68e71f.tar
nixos-ad3aa5365577c3f25ccc81ae5a0fd94c0d68e71f.tar.gz
nixos-ad3aa5365577c3f25ccc81ae5a0fd94c0d68e71f.tar.bz2
nixos-ad3aa5365577c3f25ccc81ae5a0fd94c0d68e71f.tar.xz
nixos-ad3aa5365577c3f25ccc81ae5a0fd94c0d68e71f.zip
better tls config
Diffstat (limited to 'custom')
-rw-r--r--custom/ymir-nginx.nix6
1 files changed, 6 insertions, 0 deletions
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index 9c98d2ab..fd7d7e94 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -68,6 +68,12 @@ in {
68 access_log stderr; 68 access_log stderr;
69 error_log stderr; 69 error_log stderr;
70 70
71 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
72 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
73 ssl_prefer_server_ciphers on;
74 ssl_session_cache shared:SSL:10m;
75 ssl_dhparam /etc/ssl/dhparam.pem;
76
71 server { 77 server {
72 listen *:80; 78 listen *:80;
73 listen [::]:80; 79 listen [::]:80;