From d6b03b72e8081c983822502e436ec548aa36901e Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 25 Jun 2014 02:43:06 +0200
Subject: wibble

---
 roles/common-web/files/etc/nginx/ssl/config | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'roles/common-web')

diff --git a/roles/common-web/files/etc/nginx/ssl/config b/roles/common-web/files/etc/nginx/ssl/config
index 6f0546b..7deef29 100644
--- a/roles/common-web/files/etc/nginx/ssl/config
+++ b/roles/common-web/files/etc/nginx/ssl/config
@@ -1,18 +1,18 @@
 ssl on;
 
 # See http://nginx.org/en/docs/http/configuring_https_servers.html#optimization
-keepalive_timeout 			75 75;
-ssl_session_timeout			5m;
-ssl_session_cache 			shared:SSL:5m;
+keepalive_timeout           75 75;
+ssl_session_timeout         5m;
+ssl_session_cache           shared:SSL:5m;
 
 # XXX: Ideally we want to get rid of TLSv1, to be immune to the BEAST
 # attack. Sadly as of 2013 many clients don't support TLSv1.2, though.
 # The alternative would be to reject BEAST-vulnerable ciphers from TLSv1
 # in favor of RC4, but that's not satisfactory either since RC4 has
 # other weaknesses.
-ssl_protocols 				TLSv1 TLSv1.1 TLSv1.2;
-ssl_ciphers 				HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH;
-ssl_prefer_server_ciphers 	on;
+ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers                 HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH;
+ssl_prefer_server_ciphers   on;
 
 # Strict Transport Security header for enhanced security. See
 # http://www.chromium.org/sts.
-- 
cgit v1.2.3