sanderlv
commented
1 year ago Please, I need to add this for my alexa MP3 playing to work...
I don't know how to add that.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve X25519:secp521r1:prime256v1
github-actions[bot]
Is your feature request related to a problem? Please describe. Currently the Nginx options for TLS settings and ciphers are either fixed (ciphers) or modifiable only partially (TLS server templates for hosts allowing changes for HSTS and HTTP/2). More options would allow to use Mozilla Modern TLS 1.3 configurations or allow users to switch between old/intermediate/modern configurations and/or their individual options to suit their server/client needs and capability.
Describe the solution you'd like
/etc/nginx/conf.d/include/ssl-ciphers.confallowing to choosessl_protocols(TLSv1.3),ssl_ciphers(lists),ssl_prefer_server_ciphers(off),ssl_ecdh_curve(X25519:prime256v1:secp384r1)site.conffiles with more options to choose from, that would incorporate the above cipher options - again as per Mozilla recommendations above, potentially also with addition of OCSP stapling (probably separate subject due to complexity).Describe alternatives you've considered Just editing of
/etc/nginx/conf.d/include/ssl-ciphers.confAdditional context Again, ideally both selectable individual options above and composite options to choose between old, intermediate and modern configurations as per Mozilla specs would be amazing.
As always - thank you for your great effort so far. No pressure and thank you for consideration.