Am 17.01.2023 12:22 schrieb Stuart Henderson:
> ssl_ciphers
> ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
>
> More specific than it needs to be really, and the list may get
> outdated.
> Something like "TLSv1.3:TLSv1.2+AEAD+ECDHE" would be nicer.
>
> ssl_prefer_server_ciphers on;
>
> You're only listing modern ciphers anyway; it's often better to leave
> it up to the client to decide (e.g. the client knows whether it has AES
> acceleration and can use that to decide a preference between AES-GCM or
> CHACHA20-POLY1305; could be a fair difference in battery life on mobile
> devices).
you're right.. I think I used the mozilla config generator for that one
"back then".. hmm.
and some include snippet would the maximum I'd go, too
ciao
--
pb
No comments:
Post a Comment