authorTristan Helmich <tristan.helmich@gmail.com>2016-02-01 14:09:13 +0100
committerRobin Gloster <mail@glob.in>2016-07-28 11:59:13 +0000
commit35d76a72aba69108a369478be6cb21914d5075a5 (patch)
tree7867403e367b63ddcd28d5b5cb5ef441a51db725 /nixos
parent8bd1f401bbacf7e6537528d3f2dfd9e610e346c8 (diff)
nginx module: Add sslCiphers option
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/web-servers/nginx/default.nix8
1 files changed, 7 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 75ce9e26a30f..b74a35f1e9f5 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -34,7 +34,7 @@ let
       ssl_session_cache shared:SSL:42m;
       ssl_session_timeout 23m;
 
-      ssl_ciphers EDH+aRSA+AES256:+AESGCM:ECDHE+aRSA+AES256;
+      ssl_ciphers ${cfg.sslCiphers};
       ssl_ecdh_curve secp521r1;
       ssl_prefer_server_ciphers on;
 
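Review bot: The default that now feeds `ssl_ciphers` is not the list removed here, so a host that sets nothing negotiates a different suite set after this change. The old literal was limited to AES256 with RSA authentication, while the new default in the second hunk also admits AES128 and drops the `aRSA` restriction. The commit title only mentions adding an option, so either keep the previous behaviour with `default = "EDH+aRSA+AES256:+AESGCM:ECDHE+aRSA+AES256";` or state the new default in the commit message and release notes so operators can audit it. The enclosing config template starts and ends outside the hunk.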
@@ -191,6 +191,12 @@ in
         description = "Show nginx version in headers and error pages";
       };
 
+      sslCiphers = mkOption {
+        type = types.str;
+        default = "EDH+CHACHA20:EDH+AES:EECDHE+CHACHA20:ECDHE+AES:+AES128:-DSS";
+        description = "Ciphers to choose from when negotiating tls handshakes.";
+      };
+
       sslProtocols = mkOption {
         type = types.str;
         default = "TLSv1.2";
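Review bot: `EECDHE+CHACHA20` in the new default does not look like a valid OpenSSL cipher keyword; the documented aliases are `EECDH` and `ECDHE`, and the next entry already uses `ECDHE`. OpenSSL tends to skip an entry that matches nothing rather than reject the whole string, so the ECDHE ChaCha20 suites would probably be absent without any error; `ECDHE+CHACHA20` is likely what was meant. The description could also say that the value is an OpenSSL cipher list written verbatim into the config, e.g. `description = "OpenSSL cipher list passed to ssl_ciphers for TLS handshakes.";`. The surrounding options set continues outside the hunk.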