mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-12-30 08:41:34 -05:00
Update Cipher configuration (#118)
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
0a1bd622ee
commit
a93e35a979
@ -32,12 +32,16 @@ These security configurations can be added/modified in `data/conf/nginx/includes
|
|||||||
|
|
||||||
### SSL Ciphers
|
### SSL Ciphers
|
||||||
|
|
||||||
Consider only supporting ciphers matching that of TLSv1.3:
|
Consider only supporting strong ciphers:
|
||||||
|
|
||||||
```
|
```
|
||||||
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||||
```
|
```
|
||||||
|
|
||||||
|
And prioritize ChaCha ciphers:
|
||||||
|
```
|
||||||
|
ssl_conf_command Options PrioritizeChaCha;
|
||||||
|
```
|
||||||
### HSTS
|
### HSTS
|
||||||
|
|
||||||
Consider adding `includeSubDomains;` and `preload;` to the HSTS configuration if all of your services are using HTTPS:
|
Consider adding `includeSubDomains;` and `preload;` to the HSTS configuration if all of your services are using HTTPS:
|
||||||
@ -93,4 +97,4 @@ If you do not use Gravatar with SOGo, you can also set COEP to require-corp sinc
|
|||||||
|
|
||||||
```
|
```
|
||||||
add_header Cross-Origin-Embedder-Policy require-corp;
|
add_header Cross-Origin-Embedder-Policy require-corp;
|
||||||
```
|
```
|
||||||
|
Loading…
Reference in New Issue
Block a user