authorFranz Pletz <fpletz@fnordicwalking.de>2016-04-29 09:17:30 +0200
committerRobin Gloster <mail@glob.in>2016-07-28 11:59:13 +0000
commitde8008a1b182ea2eb1740f8ca2aa2f7e3f37b5e1 (patch)
treeba50e5209185cf6e03fdb85e15ab229e6269a169 /nixos
parente982aeae6a2ab4f414b1a505852d69271cb779ae (diff)
nginx module: Enable http2
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/web-servers/nginx/default.nix6
1 files changed, 3 insertions, 3 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 1338f6aec22..1978de6da6e 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -35,7 +35,7 @@ let
       ssl_session_timeout 23m;
 
       ssl_ciphers ${cfg.sslCiphers};
-      ssl_ecdh_curve secp521r1;
+      ssl_ecdh_curve secp384r1;
       ssl_prefer_server_ciphers on;
       ${optionalString (cfg.sslDhparam != null) "ssl_dhparam ${cfg.sslDhparam};"}
 
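Review bot: The curve on the `ssl_ecdh_curve` line is still hard-coded to a single value, so a client that does not offer secp384r1 cannot negotiate any of the EECDH suites, and an operator cannot change it without patching the module. `ssl_ciphers` on the line above already comes from `cfg.sslCiphers`; the curve could be exposed the same way, for example `ssl_ecdh_curve ${cfg.sslEcdhCurve};` backed by a new option (name is only a suggestion) whose default is `"secp384r1"`. The commit title mentions only http2, so a short comment above the line such as `# secp384r1: chosen for client compatibility, see commit message` plus a sentence in the commit description would record why the curve moved. The configuration string this line belongs to starts and ends outside the hunk.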
@@ -79,7 +79,7 @@ let
       let
         ssl = vhost.enableSSL || vhost.forceSSL;
         port = if vhost.port != null then vhost.port else (if ssl then 443 else 80);
-        listenString = toString port + optionalString ssl " ssl spdy"
+        listenString = toString port + optionalString ssl " ssl http2"
           + optionalString vhost.default " default";
         acmeLocation = optionalString vhost.enableACME ''
           location /.well-known/acme-challenge {
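Review bot: The `http2` listen parameter in `listenString` is now emitted for every SSL vhost with no way to switch it off, and the generated configuration only loads if the nginx package in use was built with the HTTP/2 module; presumably that is the case for the default package, but a user-supplied package may differ. Gating it on a per-vhost boolean would keep the new behaviour as the default while leaving an escape hatch, e.g. `listenString = toString port + optionalString ssl (" ssl" + optionalString vhost.http2 " http2")` with a new `http2` option (suggested name) defaulting to `true`. The `let` block around this line begins and ends outside the hunk.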
@@ -221,7 +221,7 @@ in
 
       sslCiphers = mkOption {
         type = types.str;
-        default = "EDH+CHACHA20:EDH+AES:EECDHE+CHACHA20:ECDHE+AES:+AES128:-DSS";
+        default = "EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL";
         description = "Ciphers to choose from when negotiating tls handshakes.";
       };
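Review bot: Every term in the new `sslCiphers` default that adds suites is qualified with `aRSA`, so a vhost served with an ECDSA certificate would have no matching suite and handshakes would fail until the option is overridden; the description does not warn about this. I would extend it to something like `description = "Ciphers to choose from when negotiating TLS handshakes. The default only matches RSA certificates; override it when using ECDSA keys.";`. The string also keeps `EDH+aRSA` suites while the first hunk shows `ssl_dhparam` is only written when `cfg.sslDhparam` is set, so without it the DHE group strength depends on the nginx version's built-in behaviour, which is worth confirming and documenting next to the option.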