public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nginx module: Add sslProtocols option

This commit is contained in:
Tristan Helmich 2016-02-01 14:08:45 +01:00 committed by Robin Gloster
parent 900b311a38
commit 8bd1f401bb
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -30,7 +30,7 @@ let
types_hash_max_size 2048; types_hash_max_size 2048;
# use secure TLS defaults # use secure TLS defaults
ssl_protocols TLSv1.2; ssl_protocols ${cfg.sslProtocols};
ssl_session_cache shared:SSL:42m; ssl_session_cache shared:SSL:42m;
ssl_session_timeout 23m; ssl_session_timeout 23m;
@ -191,6 +191,13 @@ in
description = "Show nginx version in headers and error pages"; description = "Show nginx version in headers and error pages";
}; };
sslProtocols = mkOption {
type = types.str;
default = "TLSv1.2";
example = "TLSv1 TLSv1.1 TLSv1.2";
description = "Allowed TLS protocol versions.";
};
virtualHosts = mkOption { virtualHosts = mkOption {
type = types.attrsOf (types.submodule (import ./vhost-options.nix { type = types.attrsOf (types.submodule (import ./vhost-options.nix {
inherit lib; inherit lib;