From 875c1ac1f4ae83c9d4549b9d727eae8b897b9a3e Mon Sep 17 00:00:00 2001
From: Viyurz <128215328+Viyurz@users.noreply.github.com>
Date: Thu, 23 Nov 2023 13:04:15 +0000
Subject: [PATCH] NGINX RP : Downgrade params SSL pr Firefox android
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Pour jsp quelle raison firefox android balance une erreur si on essaie d'ajouter SearXNG aux moteurs de recherche en ayant que SSL 1.3 d'activé. Du coup j'ai baissé les exigeances pr autoriser SSL 1.2.
---
 nginx-rp/dhparam.txt | 8 ++++++++
 nginx-rp/docker-compose.yaml | 1 +
 nginx-rp/nginx.conf | 8 ++++----
 3 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 nginx-rp/dhparam.txt
diff --git a/nginx-rp/dhparam.txt b/nginx-rp/dhparam.txt
new file mode 100644
index 0000000..088f967
--- /dev/null
+++ b/nginx-rp/dhparam.txt
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+-----END DH PARAMETERS-----
\ No newline at end of file
diff --git a/nginx-rp/docker-compose.yaml b/nginx-rp/docker-compose.yaml
index d11e01c..583e5b9 100644
--- a/nginx-rp/docker-compose.yaml
+++ b/nginx-rp/docker-compose.yaml
@@ -6,5 +6,6 @@ services:
 network_mode: host
 volumes:
 - ./nginx.conf:/etc/nginx/nginx.conf
+ - ./dhparam.txt:/dhparam.txt
 - /etc/letsencrypt/live/viyurz.fr:/etc/letsencrypt/live/viyurz.fr
 - /etc/letsencrypt/archive/viyurz.fr:/etc/letsencrypt/archive/viyurz.fr
diff --git a/nginx-rp/nginx.conf b/nginx-rp/nginx.conf
index a33d8d5..ec569bc 100644
--- a/nginx-rp/nginx.conf
+++ b/nginx-rp/nginx.conf
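Review bot: In the docker-compose.yaml hunk, the added bind mount `- ./dhparam.txt:/dhparam.txt` is writable from inside the container although nginx only needs to read the file; mount it read-only with `- ./dhparam.txt:/dhparam.txt:ro`. The container runs with `network_mode: host`, so keeping its view of host files read-only is cheap hardening. The unchanged nginx.conf and Let's Encrypt mounts in the same list could take `:ro` too, assuming nothing inside the container writes to them. The service definition starts outside the hunk.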
@@ -34,13 +34,13 @@ http {
 ssl_trusted_certificate /etc/letsencrypt/live/viyurz.fr/chain.pem;
 # modern configuration
- ssl_protocols TLSv1.3;
+ # ssl_protocols TLSv1.3;
 # intermediate configuration
- # ssl_protocols TLSv1.2 TLSv1.3;
- # ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
 # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
- # ssl_dhparam /path/to/dhparam;
+ ssl_dhparam /dhparam.txt;
 ssl_prefer_server_ciphers off;
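Review bot: The switch from the modern to the intermediate profile is not explained anywhere in nginx.conf, and per the hunk header it sits in the `http {` block, so unless a server block overrides it, every site behind this proxy now accepts TLSv1.2, not only SearXNG. Record the reason from the commit message next to the active line, e.g. `# TLSv1.2 re-enabled: Firefox Android fails to add SearXNG as a search engine with TLSv1.3 only; restore the modern profile once that is fixed`. The three `DHE-RSA-*` suites are the only reason `ssl_dhparam` is needed; if Firefox is the only client that needs TLSv1.2 it should negotiate one of the ECDHE suites, so those entries and the dhparam mount could probably be dropped. The `http` block continues outside the hunk.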