aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDawid Potocki <dawid@dawidpotocki.com>2020-08-12 04:29:00 +1200
committerDawid Potocki <dawid@dawidpotocki.com>2020-08-12 04:29:00 +1200
commita568280199a25798c3e9848449c1c2f77ee8dc59 (patch)
treed3e6ae3f03785e7f7f13d33db7d198da3a00fd95
parent25763f9d8b4c1edff0fb9b1e46dcbe2d374e773f (diff)
Simplify `ssl_ciphers` in nginx config
-rw-r--r--nginx/020-tls.conf2
1 files changed, 1 insertions, 1 deletions
diff --git a/nginx/020-tls.conf b/nginx/020-tls.conf
index 0ef82e1..61aed98 100644
--- a/nginx/020-tls.conf
+++ b/nginx/020-tls.conf
@@ -4,7 +4,7 @@ ssl_certificate /etc/letsencrypt/live/{{ site.domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ site.domain }}/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+ssl_ciphers EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;
ssl_stapling on;