ssl cipher list prefer chacha20 for tls1.2

author: Christian Pointner <equinox@spreadspace.org> 2020-08-28 00:36:05 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2020-08-28 00:36:05 +0200
commit: 423b33805d51781c63780d797f0b67261da4a7b8 (patch)
tree: a20d12874ad1427d3f25569a210f6bccf1a01d7c /roles
parent: finalize ch-imap-proxy (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/nginx/base/files/snippets/tls.conf b/roles/nginx/base/files/snippets/tls.conf
index 46d43ecb..9c4f7853 100644
--- a/roles/nginx/base/files/snippets/tls.conf
+++ b/roles/nginx/base/files/snippets/tls.conf
@@ -1,5 +1,5 @@
 ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5;
+ssl_ciphers ECDHE+CHACHA20:ECDHE+AESGCM:DHE+CHACHA20:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!ADH:!AECDH:!MD5:!SHA;
 ssl_prefer_server_ciphers on;
 
 ssl_dhparam /etc/ssl/dhparams.pem;
author	Christian Pointner <equinox@spreadspace.org>	2020-08-28 00:36:05 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2020-08-28 00:36:05 +0200
commit	423b33805d51781c63780d797f0b67261da4a7b8 (patch)
tree	a20d12874ad1427d3f25569a210f6bccf1a01d7c /roles
parent	finalize ch-imap-proxy (diff)