From 516d3d162c85ff59fa67568d4938ac0ca64af454 Mon Sep 17 00:00:00 2001 From: Christian Date: Sat, 2 Feb 2019 13:06:48 +0100 Subject: [PATCH] Update server/conf/nginx_apps.vhost.master, server/conf/nginx_vhost.conf.master, server/conf/vhost.conf.master files --- server/conf/nginx_apps.vhost.master | 2 +- server/conf/nginx_vhost.conf.master | 2 +- server/conf/vhost.conf.master | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/server/conf/nginx_apps.vhost.master b/server/conf/nginx_apps.vhost.master index d89faeaa92..da323ca9e4 100644 --- a/server/conf/nginx_apps.vhost.master +++ b/server/conf/nginx_apps.vhost.master @@ -2,7 +2,7 @@ server { listen {apps_vhost_ip}{apps_vhost_port}; listen [::]:{apps_vhost_port} ipv6only=on; ssl {ssl_on}; - {ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + {ssl_comment}ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key; diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master index bc09c42937..ca87f6af76 100644 --- a/server/conf/nginx_vhost.conf.master +++ b/server/conf/nginx_vhost.conf.master @@ -28,7 +28,7 @@ server { listen : ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if}; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; # ssl_prefer_server_ciphers on; diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master index 7d129e5596..e314a2625b 100644 --- a/server/conf/vhost.conf.master +++ b/server/conf/vhost.conf.master @@ -29,7 +29,7 @@ DocumentRoot Protocols h2 http/1.1 - SSLProtocol All -SSLv2 -SSLv3 + SSLProtocol All -SSLv2 -SSLv3 -TLSv1 SSLCipherSuite 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS' @@ -56,7 +56,7 @@ DocumentRoot SSLEngine on - SSLProtocol All -SSLv2 -SSLv3 + SSLProtocol All -SSLv2 -SSLv3 -TLSv1 # SSLCipherSuite TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS SSLHonorCipherOrder on # -- GitLab