author | Tristan Helmich <tristan.helmich@gmail.com> | 2016-02-01 14:09:13 +0100 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-07-28 11:59:13 +0000 |
commit | 35d76a72aba69108a369478be6cb21914d5075a5 (patch) | |
tree | 7867403e367b63ddcd28d5b5cb5ef441a51db725 /nixos | |
parent | 8bd1f401bbacf7e6537528d3f2dfd9e610e346c8 (diff) | |
nginx module: Add sslCiphers option
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 75ce9e26a30f..b74a35f1e9f5 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -34,7 +34,7 @@ let
 ssl_session_cache shared:SSL:42m;
 ssl_session_timeout 23m;
- ssl_ciphers EDH+aRSA+AES256:+AESGCM:ECDHE+aRSA+AES256;
+ ssl_ciphers ${cfg.sslCiphers};
 ssl_ecdh_curve secp521r1;
 ssl_prefer_server_ciphers on;
@@ -191,6 +191,12 @@ in
 description = "Show nginx version in headers and error pages";
 };
+ sslCiphers = mkOption {
+ type = types.str;
+ default = "EDH+CHACHA20:EDH+AES:EECDHE+CHACHA20:ECDHE+AES:+AES128:-DSS";
+ description = "Ciphers to choose from when negotiating tls handshakes.";
+ };
+
 sslProtocols = mkOption {
 type = types.str;
 default = "TLSv1.2"; |
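Review bot: `ssl_ciphers ${cfg.sslCiphers};` writes a free-form `types.str` into the generated nginx configuration unchecked, so a value containing `;` or a line break ends the directive early and the remainder is parsed as further configuration. The option is set by the machine's administrator, so this is a robustness point rather than an exposure. An assertion that the string contains only cipher-list characters would make such a mistake fail at evaluation time. Note also that the replaced literal was limited to `aRSA` and `AES256` suites, so every existing deployment gets a different effective cipher list on upgrade, which the commit title does not mention. The enclosing `let` block starts and ends outside the hunk.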
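Review bot: The default contains `EECDHE+CHACHA20`, and `EECDHE` does not look like an OpenSSL cipher-string keyword; the aliases I know are `EECDH` and `ECDHE`. As far as I know OpenSSL skips an unrecognised element silently, so the intended ECDHE ChaCha20 suites would be missing without any error; the element should probably read `EECDH+CHACHA20`. The `EDH` entries come first and the first hunk keeps `ssl_prefer_server_ciphers on;`, so finite-field DHE is preferred over ECDHE, and no `ssl_dhparam` is visible in these lines, so the DH group size in use should be confirmed. The description could state the expected format, for example `description = "Colon-separated OpenSSL cipher list, in order of server preference.";`.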