public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nginx module: Add sslCiphers option

This commit is contained in:
Tristan Helmich 2016-02-01 14:09:13 +01:00 committed by Robin Gloster
parent 8bd1f401bb
commit 35d76a72ab
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -34,7 +34,7 @@ let
ssl_session_cache shared:SSL:42m; ssl_session_cache shared:SSL:42m;
ssl_session_timeout 23m; ssl_session_timeout 23m;
ssl_ciphers EDH+aRSA+AES256:+AESGCM:ECDHE+aRSA+AES256; ssl_ciphers ${cfg.sslCiphers};
ssl_ecdh_curve secp521r1; ssl_ecdh_curve secp521r1;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
@ -191,6 +191,12 @@ in
description = "Show nginx version in headers and error pages"; description = "Show nginx version in headers and error pages";
}; };
sslCiphers = mkOption {
type = types.str;
default = "EDH+CHACHA20:EDH+AES:EECDHE+CHACHA20:ECDHE+AES:+AES128:-DSS";
description = "Ciphers to choose from when negotiating tls handshakes.";
};
sslProtocols = mkOption { sslProtocols = mkOption {
type = types.str; type = types.str;
default = "TLSv1.2"; default = "TLSv1.2";