move cipher configuration

2020-12-03 10:16:38 -05:00 · 2020-12-03 10:16:38 -05:00 · 85fb45cda3
commit 85fb45cda3
parent dd97f682ff
1 changed files with 1 additions and 1 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -30,6 +30,7 @@ http {
    limit_conn addr 256;

    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;

    ssl_certificate /etc/letsencrypt/live/grapheneos.org/fullchain.pem;
@ -37,7 +38,6 @@ http {
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
-    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256;

    ssl_trusted_certificate /etc/letsencrypt/live/grapheneos.org/chain.pem;
    ssl_stapling on;