mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-12-30 08:41:34 -05:00

Update Cipher configuration ()

Signed-off-by: Tommy <contact@tommytran.io>
Tommy 2023-04-15 05:57:23 -04:00 committed by GitHub
parent 0a1bd622ee
commit a93e35a979
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -32,12 +32,16 @@ These security configurations can be added/modified in `data/conf/nginx/includes
### SSL Ciphers ### SSL Ciphers
Consider only supporting ciphers matching that of TLSv1.3: Consider only supporting strong ciphers:
``` ```
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256"; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
``` ```
And prioritize ChaCha ciphers:
```
ssl_conf_command Options PrioritizeChaCha;
```
### HSTS ### HSTS
Consider adding `includeSubDomains;` and `preload;` to the HSTS configuration if all of your services are using HTTPS: Consider adding `includeSubDomains;` and `preload;` to the HSTS configuration if all of your services are using HTTPS:
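Review bot: The new `ssl_ciphers` list ends with two `DHE-RSA-*` suites, but nothing in this section mentions `ssl_dhparam`; nginx does not offer DHE ciphers unless DH parameters are configured, so either add a line telling readers to set `ssl_dhparam` in the same include file or drop the two DHE entries. In the added "And prioritize ChaCha ciphers:" block, `ssl_conf_command Options PrioritizeChaCha;` is only honoured by OpenSSL when server cipher preference is enabled, so the text should state that `ssl_prefer_server_ciphers on;` must be in effect and that `ssl_conf_command` needs nginx 1.19.4 or newer. The reworded intro ("strong ciphers") could also say that this list governs TLS 1.2 suites only, since TLS 1.3 suites are not selected through `ssl_ciphers`.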
@ -93,4 +97,4 @@ If you do not use Gravatar with SOGo, you can also set COEP to require-corp sinc
``` ```
add_header Cross-Origin-Embedder-Policy require-corp; add_header Cross-Origin-Embedder-Policy require-corp;
``` ```