authorChristian Pointner <equinox@spreadspace.org>2020-08-28 00:36:05 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-08-28 00:36:05 +0200
commit423b33805d51781c63780d797f0b67261da4a7b8 (patch)
treea20d12874ad1427d3f25569a210f6bccf1a01d7c
parentfinalize ch-imap-proxy (diff)
ssl cipher list prefer chacha20 for tls1.2
-rw-r--r--chaos-at-home/ch-imap-proxy.yml2
-rw-r--r--roles/nginx/base/files/snippets/tls.conf2
2 files changed, 3 insertions, 1 deletions
diff --git a/chaos-at-home/ch-imap-proxy.yml b/chaos-at-home/ch-imap-proxy.yml
index f3fad1df..967d7613 100644
--- a/chaos-at-home/ch-imap-proxy.yml
+++ b/chaos-at-home/ch-imap-proxy.yml
@@ -39,6 +39,8 @@
options = NO_SSLv3
options = NO_TLSv1
options = NO_TLSv1.1
+ options = CIPHER_SERVER_PREFERENCE
+ ciphers = ECDHE+CHACHA20:ECDHE+AESGCM:DHE+CHACHA20:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!ADH:!AECDH:!MD5:!SHA
accept = 993
connect = 127.0.0.1:143
notify: restart stunnel4
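Review bot: The added `ciphers` line still admits CBC-mode suites: `ECDHE+AES256`, `DHE+AES256`, `ECDHE+AES128` and `DHE+AES128` also match the CBC suites with a SHA256/SHA384 MAC, and `!SHA` removes only the SHA-1 ones. If the goal is an AEAD-only TLS 1.2 list, the string can drop those four terms: `ciphers = ECDHE+CHACHA20:ECDHE+AESGCM:DHE+CHACHA20:DHE+AESGCM:!ADH:!AECDH:!MD5:!SHA`. The identical string is added to roles/nginx/base/files/snippets/tls.conf in this commit, so the same applies there, and a short comment in each file naming the other would keep the two lists from drifting. The stunnel section this hunk edits begins above the visible lines.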
diff --git a/roles/nginx/base/files/snippets/tls.conf b/roles/nginx/base/files/snippets/tls.conf
index 46d43ecb..9c4f7853 100644
--- a/roles/nginx/base/files/snippets/tls.conf
+++ b/roles/nginx/base/files/snippets/tls.conf
@@ -1,5 +1,5 @@
ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5;
+ssl_ciphers ECDHE+CHACHA20:ECDHE+AESGCM:DHE+CHACHA20:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!ADH:!AECDH:!MD5:!SHA;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/dhparams.pem;
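Review bot: With `!RSA` dropped from `ssl_ciphers`, static-RSA key exchange stays out of the list only because every term now carries an `ECDHE+` or `DHE+` prefix, and nothing in the file records that. A later edit that adds a bare term would bring non-forward-secret suites back with no exclusion left to catch it. Either keep a backstop by appending `:!kRSA` to the string, or add a comment above the line such as `# every term must keep its ECDHE+/DHE+ prefix; there is no !kRSA backstop`. The DHE suites now rank above several ECDHE ones, so their strength depends on the group in /etc/ssl/dhparams.pem, which is not shown here.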