diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-02-21 23:27:43 +0100 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-04-25 00:04:49 +0200 |
| commit | b0f6964b42fb33396fc18e5333aa9dc20216cfbb (patch) | |
| tree | 934f4cae289b6780fbfd10576c08c6187fb46b4a | |
| parent | 5a979e9806fe8e38d312d589c8ff199b173f7911 (diff) | |
| download | NUR-b0f6964b42fb33396fc18e5333aa9dc20216cfbb.tar.gz NUR-b0f6964b42fb33396fc18e5333aa9dc20216cfbb.tar.zst NUR-b0f6964b42fb33396fc18e5333aa9dc20216cfbb.zip | |
Deprecate tlsv1.1 protocol for apache
| -rw-r--r-- | modules/websites/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/websites/default.nix b/modules/websites/default.nix index e69080e9..767a7b23 100644 --- a/modules/websites/default.nix +++ b/modules/websites/default.nix | |||
| @@ -204,6 +204,14 @@ in | |||
| 204 | stateDir = "/run/httpd_${name}"; | 204 | stateDir = "/run/httpd_${name}"; |
| 205 | logPerVirtualHost = true; | 205 | logPerVirtualHost = true; |
| 206 | multiProcessingModule = "worker"; | 206 | multiProcessingModule = "worker"; |
| 207 | # https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.0.2t&guideline=5.4 | ||
| 208 | sslProtocols = "all -SSLv3 -TLSv1 -TLSv1.1"; | ||
| 209 | sslCiphers = builtins.concatStringsSep ":" [ | ||
| 210 | "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-GCM-SHA256" | ||
| 211 | "ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-GCM-SHA384" | ||
| 212 | "ECDHE-ECDSA-CHACHA20-POLY1305" "ECDHE-RSA-CHACHA20-POLY1305" | ||
| 213 | "DHE-RSA-AES128-GCM-SHA256" "DHE-RSA-AES256-GCM-SHA384" | ||
| 214 | ]; | ||
| 207 | inherit (icfg) adminAddr; | 215 | inherit (icfg) adminAddr; |
| 208 | logFormat = "combinedVhost"; | 216 | logFormat = "combinedVhost"; |
| 209 | extraModules = lists.unique icfg.modules; | 217 | extraModules = lists.unique icfg.modules; |