Enable TLSv1.3 and remove TLSv1 and 1.1

IE10 does not have 1.2, so maybe we can risk it As per Android documentaion TLS 1.2 is fully supported after API level 20/Android 5(Lolipop) https://discussions.qualys.com/thread/17020-tls-12-support-for-android-devices https://www.ryandesignstudio.com/what-is-tls/
2020-03-24 14:34:35 -07:00
parent d3eeb5f48a
commit f99450d264
1 changed files with 1 additions and 1 deletions
--- a/src/nginxconfig.ejs
+++ b/src/nginxconfig.ejs
@@ -65,7 +65,7 @@ server {
    # https://cipherli.st/
    # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    ssl_prefer_server_ciphers on;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
+    ssl_protocols TLSv1.2 TLSv1.3; # don't use SSLv3 ref: POODLE

    # ciphers according to https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.3&openssl=1.0.2g&hsts=yes&profile=modern
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';