diff options
author | Tristan Helmich <tristan.helmich@gmail.com> | 2016-02-01 14:08:45 +0100 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-07-28 11:59:13 +0000 |
commit | 8bd1f401bbacf7e6537528d3f2dfd9e610e346c8 (patch) | |
tree | 313a73eeec4c680fa487321c19db02b3167168e3 /nixos | |
parent | 900b311a386b82ab66f209c1b9d4c292af08d6dc (diff) | |
download | nixlib-8bd1f401bbacf7e6537528d3f2dfd9e610e346c8.tar nixlib-8bd1f401bbacf7e6537528d3f2dfd9e610e346c8.tar.gz nixlib-8bd1f401bbacf7e6537528d3f2dfd9e610e346c8.tar.bz2 nixlib-8bd1f401bbacf7e6537528d3f2dfd9e610e346c8.tar.lz nixlib-8bd1f401bbacf7e6537528d3f2dfd9e610e346c8.tar.xz nixlib-8bd1f401bbacf7e6537528d3f2dfd9e610e346c8.tar.zst nixlib-8bd1f401bbacf7e6537528d3f2dfd9e610e346c8.zip |
nginx module: Add sslProtocols option
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index fb3f554bbf25..75ce9e26a30f 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -30,7 +30,7 @@ let types_hash_max_size 2048; # use secure TLS defaults - ssl_protocols TLSv1.2; + ssl_protocols ${cfg.sslProtocols}; ssl_session_cache shared:SSL:42m; ssl_session_timeout 23m; @@ -191,6 +191,13 @@ in description = "Show nginx version in headers and error pages"; }; + sslProtocols = mkOption { + type = types.str; + default = "TLSv1.2"; + example = "TLSv1 TLSv1.1 TLSv1.2"; + description = "Allowed TLS protocol versions."; + }; + virtualHosts = mkOption { type = types.attrsOf (types.submodule (import ./vhost-options.nix { inherit lib; |