NGINX RP : Downgrade params SSL pr Firefox android
Pour jsp quelle raison firefox android balance une erreur si on essaie d'ajouter SearXNG aux moteurs de recherche en ayant que SSL 1.3 d'activé. Du coup j'ai baissé les exigeances pr autoriser SSL 1.2.
This commit is contained in:
Viyurz
parent
f5874b66a5
commit
875c1ac1f4
3 changed files with 13 additions and 4 deletions
8
nginx-rp/dhparam.txt
Normal file
8
nginx-rp/dhparam.txt
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
-----BEGIN DH PARAMETERS-----
|
||||||
|
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
||||||
|
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
||||||
|
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
||||||
|
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
||||||
|
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
||||||
|
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
|
||||||
|
-----END DH PARAMETERS-----
|
||||||
|
|
@ -6,5 +6,6 @@ services:
|
||||||
network_mode: host
|
network_mode: host
|
||||||
volumes:
|
volumes:
|
||||||
- ./nginx.conf:/etc/nginx/nginx.conf
|
- ./nginx.conf:/etc/nginx/nginx.conf
|
||||||
|
- ./dhparam.txt:/dhparam.txt
|
||||||
- /etc/letsencrypt/live/viyurz.fr:/etc/letsencrypt/live/viyurz.fr
|
- /etc/letsencrypt/live/viyurz.fr:/etc/letsencrypt/live/viyurz.fr
|
||||||
- /etc/letsencrypt/archive/viyurz.fr:/etc/letsencrypt/archive/viyurz.fr
|
- /etc/letsencrypt/archive/viyurz.fr:/etc/letsencrypt/archive/viyurz.fr
|
||||||
|
|
|
||||||
|
|
@ -34,13 +34,13 @@ http {
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/viyurz.fr/chain.pem;
|
ssl_trusted_certificate /etc/letsencrypt/live/viyurz.fr/chain.pem;
|
||||||
|
|
||||||
# modern configuration
|
# modern configuration
|
||||||
ssl_protocols TLSv1.3;
|
# ssl_protocols TLSv1.3;
|
||||||
|
|
||||||
# intermediate configuration
|
# intermediate configuration
|
||||||
# ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
||||||
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
|
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
|
||||||
# ssl_dhparam /path/to/dhparam;
|
ssl_dhparam /dhparam.txt;
|
||||||
|
|
||||||
ssl_prefer_server_ciphers off;
|
ssl_prefer_server_ciphers off;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue