NGINX RP : Downgrade params SSL pr Firefox android

Pour je ne sais quelle raison, Firefox Android balance une erreur si on essaie
d'ajouter SearXNG aux moteurs de recherche en n'ayant que TLS 1.3
d'activé. Du coup j'ai baissé les exigences pour autoriser TLS 1.2.
Viyurz 2023-11-23 13:04:15 +00:00
parent f5874b66a5
commit 875c1ac1f4
No known key found for this signature in database
3 changed files with 13 additions and 4 deletions

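--- a/nginx-rp/dhparam.txt
+++ b/nginx-rp/dhparam.txt
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+-----END DH PARAMETERS-----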


@ -6,5 +6,6 @@ services:
network_mode: host
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./dhparam.txt:/dhparam.txt
- /etc/letsencrypt/live/viyurz.fr:/etc/letsencrypt/live/viyurz.fr
- /etc/letsencrypt/archive/viyurz.fr:/etc/letsencrypt/archive/viyurz.fr
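Review bot: The added bind mount `- ./dhparam.txt:/dhparam.txt` is writable from inside the container, although nginx only needs to read the group parameters; with `network_mode: host` on this service it is worth keeping what the container can modify to a minimum. Mounting it read-only, `- ./dhparam.txt:/dhparam.txt:ro`, would do, and the same suffix looks applicable to the `nginx.conf` and letsencrypt mounts next to it. The service definition starts outside the hunk, so any other volumes are not visible here.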


@ -34,13 +34,13 @@ http {
ssl_trusted_certificate /etc/letsencrypt/live/viyurz.fr/chain.pem;
# modern configuration
ssl_protocols TLSv1.3;
# ssl_protocols TLSv1.3;
# intermediate configuration
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
# ssl_dhparam /path/to/dhparam;
ssl_dhparam /dhparam.txt;
ssl_prefer_server_ciphers off;
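Review bot: The new `ssl_ciphers` line offers three DHE-RSA suites, which is the only reason `ssl_dhparam /dhparam.txt;` and the 2048-bit finite-field group are needed, and the description gives no indication that the Firefox Android workaround depends on them. Limiting TLS 1.2 to ECDHE key exchange, `ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;`, would let the `ssl_dhparam` line and the mounted file be dropped. Since `ssl_protocols TLSv1.2 TLSv1.3;` sits in the `http` block it presumably applies to every proxied site, not just SearXNG, so a comment such as `# TLSv1.2 enabled only as a Firefox Android workaround; return to TLSv1.3-only once the cause is known` would record the intent better than the commented-out `# ssl_protocols TLSv1.3;`. The `http` block continues outside the hunk.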