improve default tls security

2021-02-28 23:59:22 +01:00
parent d5d699252c
commit 5940f402c7
1 changed files with 1 additions and 1 deletions
--- a/confs/site/https.conf
+++ b/confs/site/https.conf
@@ -2,7 +2,7 @@ listen 0.0.0.0:%HTTPS_PORT% ssl %HTTP2%;
 ssl_certificate %HTTPS_CERT%;
 ssl_certificate_key %HTTPS_KEY%;
 ssl_protocols %HTTPS_PROTOCOLS%;
-ssl_prefer_server_ciphers off;
+ssl_prefer_server_ciphers on;
 ssl_session_tickets off;
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m;