diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-02-21 23:27:43 +0100 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-02-21 23:27:59 +0100 |
| commit | 29252c2355081fb692f0548da1009502b30f86dc (patch) | |
| tree | 4765a7740f21c356ab5f4bd61a299f65b8ecd405 /modules/websites/default.nix | |
| parent | 2b9e8e578718557772da727355f1d9a1d34b0e1c (diff) | |
| download | Nix-29252c2355081fb692f0548da1009502b30f86dc.tar.gz Nix-29252c2355081fb692f0548da1009502b30f86dc.tar.zst Nix-29252c2355081fb692f0548da1009502b30f86dc.zip | |
Deprecate tlsv1.1 protocol for apache
Diffstat (limited to 'modules/websites/default.nix')
| -rw-r--r-- | modules/websites/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/websites/default.nix b/modules/websites/default.nix index e69080e..767a7b2 100644 --- a/modules/websites/default.nix +++ b/modules/websites/default.nix | |||
| @@ -204,6 +204,14 @@ in | |||
| 204 | stateDir = "/run/httpd_${name}"; | 204 | stateDir = "/run/httpd_${name}"; |
| 205 | logPerVirtualHost = true; | 205 | logPerVirtualHost = true; |
| 206 | multiProcessingModule = "worker"; | 206 | multiProcessingModule = "worker"; |
| 207 | # https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.0.2t&guideline=5.4 | ||
| 208 | sslProtocols = "all -SSLv3 -TLSv1 -TLSv1.1"; | ||
| 209 | sslCiphers = builtins.concatStringsSep ":" [ | ||
| 210 | "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-GCM-SHA256" | ||
| 211 | "ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-GCM-SHA384" | ||
| 212 | "ECDHE-ECDSA-CHACHA20-POLY1305" "ECDHE-RSA-CHACHA20-POLY1305" | ||
| 213 | "DHE-RSA-AES128-GCM-SHA256" "DHE-RSA-AES256-GCM-SHA384" | ||
| 214 | ]; | ||
| 207 | inherit (icfg) adminAddr; | 215 | inherit (icfg) adminAddr; |
| 208 | logFormat = "combinedVhost"; | 216 | logFormat = "combinedVhost"; |
| 209 | extraModules = lists.unique icfg.modules; | 217 | extraModules = lists.unique icfg.modules; |