nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-10 15:48:13 -05:00
Code

update ssl ciphers to mozilla recommendations

Browse Source
This commit is contained in:
Kyle Spearrin 2018-08-14 08:42:01 -04:00
parent f08ff966b0
commit 20f45ca2de
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
util/Setup/NginxConfigBuilder.cs
View File

@ -7,10 +7,9 @@ namespace Bit.Setup
{
private const string ConfFile = "/bitwarden/nginx/default.conf";
private const string SslCiphers =
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:" +
"ECDHE-RSA-CHACHA20-POLY1305:" +
"DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:" +
"ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256";
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:" +
"ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:" +
"ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
private const string ContentSecurityPolicy =
"default-src 'self'; style-src 'self' 'unsafe-inline'; " +
"img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; " +
@ -115,7 +114,7 @@ server {{
}
sw.WriteLine($@"
# SSL protocol TLSv1.2 is allowed. Disabed SSLv3, TLSv1, and TLSv1.1
# SSL protocol TLSv1.2 is allowed. Disabled SSLv3, TLSv1, and TLSv1.1
ssl_protocols TLSv1.2;
# Enable most secure cipher suites only.
ssl_ciphers ""{SslCiphers}"";