From 41547b0e40e14ac78401029dd5a6b5926ba3367b Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Wed, 2 Dec 2020 07:09:15 -0500 Subject: [PATCH] remove unused RSA cipher configuration --- nginx/nginx.conf | 3 +-- nginx/ssl-dhparams.pem | 11 ----------- 2 files changed, 1 insertion(+), 13 deletions(-) delete mode 100644 nginx/ssl-dhparams.pem diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 505c7f97..a61d9846 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -34,11 +34,10 @@ http { ssl_certificate /etc/letsencrypt/live/grapheneos.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/grapheneos.org/privkey.pem; - ssl_dhparam /etc/nginx/ssl-dhparams.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_session_tickets off; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305; ssl_trusted_certificate /etc/letsencrypt/live/grapheneos.org/chain.pem; ssl_stapling on; diff --git a/nginx/ssl-dhparams.pem b/nginx/ssl-dhparams.pem deleted file mode 100644 index fb31ccda..00000000 --- a/nginx/ssl-dhparams.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz -+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a -87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 -YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi -7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD -ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 -7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 -nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu -N///////////AgEC ------END DH PARAMETERS-----