cqrenet/relay
3
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-12 09:04:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): remove deprecated TLS 1.0/1.1 from nginx config

Browse Source 
TLS 1.0/1.1 deprecated by RFC 8996. Nginx default is TLSv1.2 TLSv1.3.
Aligns with postfix (>=TLSv1.2) and dovecot (TLSv1.3) in the same stack.
This commit is contained in:
Alex V.
2026-02-07 16:50:43 +03:00
parent c48a7d80dc
commit 0d3cde9850
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
View File

@@ -51,7 +51,7 @@ http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_certificate /var/lib/acme/live/{{ config.domain_name }}/fullchain;
ssl_certificate_key /var/lib/acme/live/{{ config.domain_name }}/privkey;