From 97520ea9ecbedb74e7ec5b698b9589cf2ccadc87 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Wed, 2 Dec 2020 07:33:51 -0500 Subject: [PATCH] consistent cipher order for TLS 1.2 and TLS 1.3 --- nginx/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index a61d9846..62fdd854 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -37,7 +37,7 @@ http { ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_session_tickets off; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305; + ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256; ssl_trusted_certificate /etc/letsencrypt/live/grapheneos.org/chain.pem; ssl_stapling on;