aboutsummaryrefslogtreecommitdiff
path: root/static/files/articles/site-backend/tls.conf.txt
diff options
context:
space:
mode:
Diffstat (limited to 'static/files/articles/site-backend/tls.conf.txt')
-rw-r--r--static/files/articles/site-backend/tls.conf.txt9
1 files changed, 9 insertions, 0 deletions
diff --git a/static/files/articles/site-backend/tls.conf.txt b/static/files/articles/site-backend/tls.conf.txt
new file mode 100644
index 0000000..011930d
--- /dev/null
+++ b/static/files/articles/site-backend/tls.conf.txt
@@ -0,0 +1,9 @@
+# explicit list of cipher suites
+# (from ssl-config.mozilla.org)
+SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+
+# use server priorities for cipher algorithm choice
+SSLHonorCipherOrder on
+
+# protocols to enable (TLS 1.2 and 1.3 only)
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 06:18:57 +0000