mirror of
https://github.com/certbot/certbot.git
synced 2026-06-09 00:32:12 -04:00
896c1e0b66
As mentioned in https://github.com/certbot/certbot/pull/7712#discussion_r370419867, it's time to remove this ciphersuite now that Windows 2008 R2 and Windows 7 are EOLed. * Remove ECDHE-RSA-AES128-SHA from NGINX ciphers list to celebrate Windows 2008 R2 deprecation * Update changelog
14 lines
721 B
Text
14 lines
721 B
Text
# This file contains important security parameters. If you modify this file
|
|
# manually, Certbot will be unable to automatically provide future security
|
|
# updates. Instead, Certbot will print and log an error message with a path to
|
|
# the up-to-date file that you will need to refer to when manually updating
|
|
# this file.
|
|
|
|
ssl_session_cache shared:le_nginx_SSL:10m;
|
|
ssl_session_timeout 1440m;
|
|
ssl_session_tickets off;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers off;
|
|
|
|
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|