From 0ab8f5f83ac02a7ccc70df8d7b7e0508ba2cb008 Mon Sep 17 00:00:00 2001
From: Cielquan <>
Date: Wed, 6 Nov 2019 17:59:42 +0100
Subject: [PATCH] dropped TLSv1.2 in nginx streams
---
 nginx-docker/templates/dns-over-tls.conf.template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nginx-docker/templates/dns-over-tls.conf.template b/nginx-docker/templates/dns-over-tls.conf.template
index a5b92b3..618b92a 100644
--- a/nginx-docker/templates/dns-over-tls.conf.template
+++ b/nginx-docker/templates/dns-over-tls.conf.template
@@ -4,8 +4,8 @@ server {
 include snippets/cert_DOMAIN.conf;
 ssl_dhparam /etc/nginx/dhparam.pem;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_protocols TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
 ssl_handshake_timeout 10s;
 ssl_session_cache shared:DoT:20m;
 ssl_session_timeout 4h;
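Review bot: The new `ssl_ciphers` line lists only TLS 1.2 suite names, yet the line above it now restricts `ssl_protocols` to `TLSv1.3`, so the list selects nothing on this listener. nginx passes `ssl_ciphers` to OpenSSL's cipher list for TLS 1.2 and below, while TLS 1.3 suites come from the OpenSSL defaults. The list therefore reads as hardening without being any, and its last four entries (`ECDHE-*-AES256-SHA384`, `ECDHE-*-AES128-SHA256`) are CBC suites that would become live if TLSv1.2 were ever re-enabled. I would either drop the line or keep only the GCM/CHACHA20 entries under a comment such as `# ssl_ciphers applies to TLS <= 1.2 only; TLSv1.3 suites come from the OpenSSL defaults`. The context line `ssl_dhparam` looks unused for the same reason, and since DoT clients limited to TLS 1.2 will now fail the handshake, that is worth stating in the README; the `server` block continues outside the hunk.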