consistent cipher order for TLS 1.2 and TLS 1.3

2020-12-02 07:33:51 -05:00 · 2020-12-02 07:33:51 -05:00 · 97520ea9ec
commit 97520ea9ec
parent 41547b0e40
1 changed files with 1 additions and 1 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -37,7 +37,7 @@ http {
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
+    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256;

    ssl_trusted_certificate /etc/letsencrypt/live/grapheneos.org/chain.pem;
    ssl_stapling on;