1

Update TLS ciphers / versions to latest standards


E
Erulezz

The Nginx-defaults.conf file is using old TLS ciphers. The Mozilla SSL generator has been updated to support al lot more configurations / software:

ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6

Can the TLS Ciphers (and TLS versions, specifically remove TLS 1.1) be updated to the latest version? Also add stapling as default?

A

Activity Newest / Oldest

smtalk

TLSv1.1 isn't used by default. Mozilla generator configs are. Make sure you have no ssl_configuration=old in your options.conf file.