authorTristan Helmich <tristan.helmich@gmail.com>2016-02-01 14:08:45 +0100
committerRobin Gloster <mail@glob.in>2016-07-28 11:59:13 +0000
commit8bd1f401bbacf7e6537528d3f2dfd9e610e346c8 (patch)
tree313a73eeec4c680fa487321c19db02b3167168e3 /nixos
parent900b311a386b82ab66f209c1b9d4c292af08d6dc (diff)
nginx module: Add sslProtocols option
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/web-servers/nginx/default.nix9
1 files changed, 8 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index fb3f554bbf25..75ce9e26a30f 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -30,7 +30,7 @@ let
       types_hash_max_size 2048;
 
       # use secure TLS defaults
-      ssl_protocols TLSv1.2;
+      ssl_protocols ${cfg.sslProtocols};
       ssl_session_cache shared:SSL:42m;
       ssl_session_timeout 23m;
 
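Review bot: The `# use secure TLS defaults` comment directly above `ssl_protocols ${cfg.sslProtocols};` no longer describes that line, because the protocol list is now whatever the option holds and only the option's default is TLSv1.2-only. The comment appears to sit inside the string that becomes the rendered nginx configuration, so someone auditing the generated file would read "secure defaults" next to a list that may include TLSv1 or TLSv1.1. I would reword it to something like `# TLS protocol versions are taken from the module's sslProtocols option (default: TLSv1.2 only)`. The enclosing `let` binding starts and ends outside this hunk.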
@@ -191,6 +191,13 @@ in
         description = "Show nginx version in headers and error pages";
       };
 
+      sslProtocols = mkOption {
+        type = types.str;
+        default = "TLSv1.2";
+        example = "TLSv1 TLSv1.1 TLSv1.2";
+        description = "Allowed TLS protocol versions.";
+      };
+
       virtualHosts = mkOption {
         type = types.attrsOf (types.submodule (import ./vhost-options.nix {
           inherit lib;
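Review bot: `sslProtocols` is declared as `types.str` and spliced verbatim into the `ssl_protocols` directive, so a typo, an unintended protocol name or a stray `;` passes module evaluation and is only noticed, if at all, when nginx parses the rendered file. A constrained type would reject such values at evaluation time, for example `type = types.listOf (types.enum [ "TLSv1" "TLSv1.1" "TLSv1.2" ]);` with `default = [ "TLSv1.2" ];` and the first hunk rendering it as `ssl_protocols ${concatStringsSep " " cfg.sslProtocols};`. Separately, the only `example` shown widens the list below the default without saying so; the description could read `description = "TLS protocol versions passed to ssl_protocols. Enabling versions below TLSv1.2 weakens the default and should only be done for legacy clients.";`. The surrounding options set continues outside this hunk.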