Преглед на файлове

Fix comment about Mozilla Modern Policy and TLS1.3

Thanks to @deAtog for pointing it out
came88 преди 5 години
родител
ревизия
eba7d8af77
променени са 1 файла, в които са добавени 2 реда и са изтрити 1 реда
  1. 2 1
      nginx.tmpl

+ 2 - 1
nginx.tmpl

@@ -25,7 +25,8 @@
 {{ define "ssl_policy" }}
 	{{ if eq .ssl_policy "Mozilla-Modern" }}
 		ssl_protocols TLSv1.3;
-		{{/* ssl_ciphers is undefined in the Mozilla-Modern policy /*}}
+		{{/* nginx currently lacks ability to choose ciphers in TLS 1.3 in configuration, see https://trac.nginx.org/nginx/ticket/1529 /*}}
+		{{/* a possible workaround can be modify /etc/ssl/openssl.cnf to change it globally (see https://trac.nginx.org/nginx/ticket/1529#comment:12 ) /*}}
 		{{/* explicitly set ngnix default value in order to allow single servers to override the global http value */}}
 		ssl_ciphers HIGH:!aNULL:!MD5;
 		ssl_prefer_server_ciphers off;