From 111fc287ebe7921c8b6fab2435fe061d8a9b1078 Mon Sep 17 00:00:00 2001 From: milad nazari Date: Thu, 12 Dec 2024 01:49:19 +0330 Subject: [PATCH] Revert "add elliptic-curve" This reverts commit 95a94a4f8cade82e4121207c54b5258d75998543. --- docker/dev/letsencrypt.ini | 2 +- docker/rootfs/etc/letsencrypt.ini | 2 +- docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docker/dev/letsencrypt.ini b/docker/dev/letsencrypt.ini index 9a01e1a9..0563383f 100644 --- a/docker/dev/letsencrypt.ini +++ b/docker/dev/letsencrypt.ini @@ -1,6 +1,6 @@ text = True non-interactive = True webroot-path = /data/letsencrypt-acme-challenge -elliptic-curve = X25519:prime256v1:secp384r1 +elliptic-curve = secp384r1 preferred-chain = ISRG Root X1 server = diff --git a/docker/rootfs/etc/letsencrypt.ini b/docker/rootfs/etc/letsencrypt.ini index a94d6135..7becd3b4 100644 --- a/docker/rootfs/etc/letsencrypt.ini +++ b/docker/rootfs/etc/letsencrypt.ini @@ -1,5 +1,5 @@ text = True non-interactive = True webroot-path = /data/letsencrypt-acme-challenge -elliptic-curve = X25519:prime256v1:secp384r1 +elliptic-curve = secp384r1 preferred-chain = ISRG Root X1 diff --git a/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf b/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf index ee724e17..2bae6e5c 100644 --- a/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf +++ b/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf @@ -5,3 +5,4 @@ ssl_session_cache shared:SSL:50m; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:RSA-AES256-CBC-SHA256"; ssl_prefer_server_ciphers off; +ssl_ecdh_curve X25519:prime256v1:secp384r1;