浏览代码

Update doc with SSL_POLICY values

Nicolas Duchon 7 年之前
父节点
当前提交
35f092ca30
共有 1 个文件被更改,包括 9 次插入1 次删除
  1. 9 1
      README.md

+ 9 - 1
README.md

@@ -247,10 +247,18 @@ included because the following browsers will stop working when it is removed: Ch
 IE < 11, Safari < 7, iOS < 5, Android Browser < 5.
 
 If you don't require backward compatibility, you can use the [Mozilla modern profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility)
-profile instead by including the environment variable `MODERN_SSL=true` to your container.
+profile instead by including the environment variable `SSL_POLICY=Mozilla-Modern` to your container.
 This profile is compatible with clients back to Firefox 27, Chrome 30, IE 11 on Windows 7,
 Edge, Opera 17, Safari 9, Android 5.0, and Java 8.
 
+Other policies available through the `SSL_POLICY` environment variable are [`Mozilla-Old`](https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility)
+and the [AWS ELB Security Policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html)
+`AWS-TLS-1-2-2017-01`, `AWS-TLS-1-1-2017-01`, `AWS-2016-08`, `AWS-2015-05`, `AWS-2015-03` and `AWS-2015-02`.
+
+Note that the `Mozilla-Old` policy should use a 1024 bits DH key for compatibility but this container generates
+a 2048 bits key. The [Diffie-Hellman Groups](#diffie-hellman-groups) section details different methods of bypassing
+this, either globally or per virtual-host.
+
 The default behavior for the proxy when port 80 and 443 are exposed is as follows:
 
 * If a container has a usable cert, port 80 will redirect to 443 for that container so that HTTPS