author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-02-21 23:27:43 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-04-25 00:04:49 +0200 |
commit | b0f6964b42fb33396fc18e5333aa9dc20216cfbb (patch) | |
tree | 934f4cae289b6780fbfd10576c08c6187fb46b4a | |
parent | 5a979e9806fe8e38d312d589c8ff199b173f7911 (diff) | |
Deprecate tlsv1.1 protocol for apache
-rw-r--r-- | modules/websites/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
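--- a/modules/websites/default.nix
+++ b/modules/websites/default.nix
@@ -204,6 +204,14 @@ in
 stateDir = "/run/httpd_${name}";
 logPerVirtualHost = true;
 multiProcessingModule = "worker";
+# https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.0.2t&guideline=5.4
+sslProtocols = "all -SSLv3 -TLSv1 -TLSv1.1";
+sslCiphers = builtins.concatStringsSep ":" [
+"ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-GCM-SHA256"
+"ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-GCM-SHA384"
+"ECDHE-ECDSA-CHACHA20-POLY1305" "ECDHE-RSA-CHACHA20-POLY1305"
+"DHE-RSA-AES128-GCM-SHA256" "DHE-RSA-AES256-GCM-SHA384"
+];
 inherit (icfg) adminAddr;
 logFormat = "combinedVhost";
 extraModules = lists.unique icfg.modules;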
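Review bot: The new `sslCiphers` list (new lines 209–214) keeps two DHE-RSA suites, but the hunk sets only the protocol and cipher strings. The rest of the linked Mozilla intermediate profile, as far as I recall it (`SSLHonorCipherOrder off`, `SSLSessionTickets off`, and a 2048-bit DH group for the DHE suites), is left to the httpd module's defaults. This attribute set continues outside the hunk, so those may be set elsewhere; it is worth confirming in the generated httpd configuration. The generator URL also pins `openssl=1.0.2t`, which has no TLS 1.3. If httpd is linked against a newer OpenSSL, `all -SSLv3 -TLSv1 -TLSv1.1` enables TLS 1.3 as well, and its suites are not governed by this cipher string. I would extend the comment on new line 207 to record that, e.g. `# Mozilla "intermediate" profile; regenerate when the httpd/OpenSSL versions change (TLS 1.3 suites are not covered by sslCiphers)`.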