Changes between Version 2 and Version 3 of Ticket #676, comment 8


Ignore:
Timestamp:
07/26/22 00:49:50 (22 months ago)
Author:
Thomas Spear

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #676, comment 8

    v2 v3  
    99In the default server configuration:
    1010
    11     ssl_protocols TLSv1.2 TLSv1.3;
    12     ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    13     ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;
    14     ssl_prefer_server_ciphers  on;
     11ssl_protocols TLSv1.2 TLSv1.3;
     12ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
     13ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;
     14ssl_prefer_server_ciphers on;
    1515
    1616Normally with TLSv1.3 I read that it's best to set ssl_prefer_server_ciphers set to off, because all ciphers are considered secure, and so that devices not supporting AES can choose the Chacha20 cipher instead of being forced to use