summaryrefslogtreecommitdiffstats
path: root/roles/common-web
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2014-06-25 02:43:06 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:48 +0200
commitd6b03b72e8081c983822502e436ec548aa36901e (patch)
tree6548fd4649f32a2ad37346c318c3b32060fae162 /roles/common-web
parent2a2333cdfb016bb884887f46fbcbfdce6e064d74 (diff)
wibble
Diffstat (limited to 'roles/common-web')
-rw-r--r--roles/common-web/files/etc/nginx/ssl/config12
1 files changed, 6 insertions, 6 deletions
diff --git a/roles/common-web/files/etc/nginx/ssl/config b/roles/common-web/files/etc/nginx/ssl/config
index 6f0546b..7deef29 100644
--- a/roles/common-web/files/etc/nginx/ssl/config
+++ b/roles/common-web/files/etc/nginx/ssl/config
@@ -1,18 +1,18 @@
ssl on;
# See http://nginx.org/en/docs/http/configuring_https_servers.html#optimization
-keepalive_timeout 75 75;
-ssl_session_timeout 5m;
-ssl_session_cache shared:SSL:5m;
+keepalive_timeout 75 75;
+ssl_session_timeout 5m;
+ssl_session_cache shared:SSL:5m;
# XXX: Ideally we want to get rid of TLSv1, to be immune to the BEAST
# attack. Sadly as of 2013 many clients don't support TLSv1.2, though.
# The alternative would be to reject BEAST-vulnerable ciphers from TLSv1
# in favor of RC4, but that's not satisfactory either since RC4 has
# other weaknesses.
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-ssl_ciphers HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH;
-ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH;
+ssl_prefer_server_ciphers on;
# Strict Transport Security header for enhanced security. See
# http://www.chromium.org/sts.