
Commit 1c0da15

authored
Update default SSL config (#133)
* Update default SSL config Disable insecure ciphers and protocols. Bump ssl_session_timeout to recommended 1d. Based on Mozilla Guideline v5.6. * Update nginx-cuda.conf
1 parent 5a54962 commit 1c0da15


2 files changed

+10
-8
lines changed


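--- a/nginx-cuda.conf
+++ b/nginx-cuda.conf
@@ -39,10 +39,11 @@ http {
 access_log /dev/stdout combined;
 
 # Uncomment these lines to enable SSL.
-# ssl_ciphers HIGH:!aNULL:!MD5;
-# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-# ssl_session_cache shared:SSL:10m;
-# ssl_session_timeout 10m;
+# ssl_protocols TLSv1.2 TLSv1.3;
+# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+# ssl_prefer_server_ciphers off;
+# ssl_session_cache shared:SSL:10m;
+# ssl_session_timeout 1d;
 
 server {
 listen ${HTTP_PORT};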
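Review bot: Raising `ssl_session_timeout` to `1d` without also adding `# ssl_session_tickets off;` drops the companion setting from the Mozilla profile this block is based on; nginx leaves tickets on by default and keeps the same ticket key until it is restarted or reloaded, so a long-lived process weakens forward secrecy for resumed sessions. The `DHE-RSA-*` entries at the end of `ssl_ciphers` are also inert unless `ssl_dhparam` is set (nginx 1.11.0 and later ship no default DH parameters), so either add `# ssl_dhparam /path/to/dhparam;  # placeholder path` or drop those two suites. `TLSv1.3` in `ssl_protocols` needs nginx 1.13.0+ built against OpenSSL 1.1.1; the image's nginx version is not visible here, so that is worth confirming before someone uncomments the block. The same lines are added in nginx.conf, and the `http` block continues outside the hunk.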

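--- a/nginx.conf
+++ b/nginx.conf
@@ -48,10 +48,11 @@ http {
 access_log /dev/stdout combined;
 
 # Uncomment these lines to enable SSL.
-# ssl_ciphers HIGH:!aNULL:!MD5;
-# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-# ssl_session_cache shared:SSL:10m;
-# ssl_session_timeout 10m;
+# ssl_protocols TLSv1.2 TLSv1.3;
+# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+# ssl_prefer_server_ciphers off;
+# ssl_session_cache shared:SSL:10m;
+# ssl_session_timeout 1d;
 
 server {
 listen ${HTTP_PORT};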
