Stricter ciphers

2024-09-19 18:14:41 -04:00 · 2022-12-01 20:10:54 -05:00 · 2022-12-01 20:10:54 -05:00 · 0859d51033
commit 0859d51033
parent 74926165c2
1 changed files with 3 additions and 3 deletions
--- a/swag/nginx/ssl.conf
+++ b/swag/nginx/ssl.conf
@ -15,8 +15,8 @@ ssl_dhparam /config/nginx/dhparams.pem;
 # intermediate configuration
 ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256;
-ssl_prefer_server_ciphers off;
+ssl_prefer_server_ciphers on;
 # HSTS (ngx_http_headers_module is required) (63072000 seconds)
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
@ -38,4 +38,4 @@ add_header X-XSS-Protection "0" always;
 add_header Cross-Origin-Resource-Policy same-origin;
 add_header Cross-Origin-Embedder-Policy require-corp;
 add_header Cross-Origin-Opener-Policy same-origin;
-add_header Expect-CT "enforce, max-age=63072000";
+add_header Expect-CT "enforce, max-age=63072000";