Mozilla SSL profiles (with TLSv1.3)

2025-08-09 15:28:12 +08:00 · 2019-06-17 14:20:54 +02:00
parent 69a3d77cd2
commit c737e92ab0
5 changed files with 132 additions and 47 deletions
--- a/public/templates/commands.html
+++ b/public/templates/commands.html
@@ -23,7 +23,7 @@
 --><!--

 ✔ SSL DH required --><span ng-if="isSSLDHRequired()"><span class="hljs-comment"><span class="counter">.</span> Generate Diffie-Hellman keys:</span>
-   <span class="hljs-section">openssl</span> <span class="hljs-attribute">dhparam -dsaparam</span> <span class="hljs-attribute">-out</span> {{ data.directory_nginx }}dhparam.pem <span class="hljs-number">{{ isSSLProfileLegacy() ? 1024 : 2048 }}</span>
+   <span class="hljs-section">openssl</span> <span class="hljs-attribute">dhparam -dsaparam</span> <span class="hljs-attribute">-out</span> {{ data.directory_nginx }}dhparam.pem <span class="hljs-number">{{ sslProfiles[ data.ssl_profile ].dh_param_size }}</span>
 </span><!--

 ✔ Let's Encrypt
--- a/public/templates/conf/nginx.conf.html
+++ b/public/templates/conf/nginx.conf.html
@@ -52,7 +52,7 @@ http {<!--

 	# SSL
 	ssl_session_timeout 1d;
-	ssl_session_cache shared:SSL:50m;
+	ssl_session_cache shared:SSL:10m;
 	ssl_session_tickets off;<!--

 	✔ SSL DH required --><span ng-if="isSSLDHRequired()">
@@ -61,9 +61,11 @@ http {<!--
 	ssl_dhparam {{ data.directory_nginx }}dhparam.pem;</span>

 	# {{ sslProfiles[ data.ssl_profile ].name }} configuration
-	ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols }};
-	ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers }};
-	ssl_prefer_server_ciphers on;
+	ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols.join(' ') }};
+	ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers.join(':') }};<!--
+
+	✔ SSL server preferred order --><span ng-if="sslProfiles[ data.ssl_profile ].server_preferred_order">
+	ssl_prefer_server_ciphers on;</span>

 	# OCSP Stapling
 	ssl_stapling on;