From 965497e2653fcf39f2082cc23d12b764c5c0dca1 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Fri, 8 Nov 2019 23:28:20 +0100
Subject: nginx: do some tls hardening

---
 roles/nginx/base/defaults/main.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'roles/nginx/base/defaults/main.yml')

diff --git a/roles/nginx/base/defaults/main.yml b/roles/nginx/base/defaults/main.yml
index f460fa91..2cd84e5a 100644
--- a/roles/nginx/base/defaults/main.yml
+++ b/roles/nginx/base/defaults/main.yml
@@ -5,7 +5,10 @@ nginx_conf_d_files:
   - connection-upgrade
 
 nginx_snippets:
-  - ssl
+  - tls
+  - tls-legacy
   - hsts
   - proxy-nobuff
   - proxy-forward-headers
+
+nginx_dhparam_size: 2048
-- 
cgit v1.2.3