Nginx SSL TLS and Cipher options #951

Open
phantomski77 opened this issue Mar 15, 2021 · 5 comments
@phantomski77
Contributor

Is your feature request related to a problem? Please describe.
Currently the Nginx options for TLS settings and ciphers are either fixed (ciphers) or modifiable only partially (TLS server templates for hosts allowing changes for HSTS and HTTP/2). More options would allow the use of Mozilla Modern TLS 1.3 configurations or allow users to switch between old/intermediate/modern configurations and/or their individual options to suit their server/client needs and capability.

Describe the solution you'd like

  • either additional templates + Tabler WebGUI options for /etc/nginx/conf.d/include/ssl-ciphers.conf allowing users to choose ssl_protocols (TLSv1.3), ssl_ciphers (lists), ssl_prefer_server_ciphers (off), ssl_ecdh_curve (X25519:prime256v1:secp384r1)
  • or extension of current templates for creation of individual site.conf files with more options to choose from, that would incorporate the above cipher options - again as per Mozilla recommendations above, potentially also with addition of OCSP stapling (probably separate subject due to complexity).

Describe alternatives you've considered
Just editing of /etc/nginx/conf.d/include/ssl-ciphers.conf

Additional context
Again, ideally both selectable individual options above and composite options to choose between old, intermediate and modern configurations as per Mozilla specs would be amazing.

As always - thank you for your great effort so far. No pressure and thank you for consideration.
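
Until such options exist, an edited ssl-ciphers.conf can be checked against the values named in the request above. The following is an added example, not code from this project or from the issue author: the function names and the sample file are constructed, and ssl_ciphers is not compared because the request gives no concrete list for it.

```python
# Values named in the feature request above; used as the comparison target.
REQUESTED = {
    "ssl_protocols": "TLSv1.3",
    "ssl_prefer_server_ciphers": "off",
    "ssl_ecdh_curve": "X25519:prime256v1:secp384r1",
}
# Protocol versions nginx still accepts in ssl_protocols but that are deprecated.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_directives(text):
    """Return ({name: value}, [errors]) for one-line ssl_* directives."""
    found, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line.startswith("ssl_"):
            continue
        if not line.endswith(";"):
            errors.append(f"line {lineno}: missing ';' terminator")
        parts = line.rstrip(";").split(None, 1)
        found[parts[0]] = parts[1].strip().strip("\"'") if len(parts) > 1 else ""
    return found, errors

def audit(text):
    """List syntax problems and deviations from the requested values."""
    found, findings = parse_directives(text)
    protocols = set(found.get("ssl_protocols", "").split())
    for proto in sorted(protocols & LEGACY_PROTOCOLS):
        findings.append(f"ssl_protocols enables legacy {proto}")
    for name, want in REQUESTED.items():
        have = found.get(name)
        if have is None:
            findings.append(f"{name} is not set")
        elif have != want:
            findings.append(f"{name} is '{have}', request asks for '{want}'")
    return findings

# Constructed sample of an edited ssl-ciphers.conf (not taken from the project).
SAMPLE = """\
# constructed sample
ssl_protocols TLSv1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve X25519:secp521r1:prime256v1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Running `nginx -t` after any manual edit remains the authoritative syntax check; this script only compares the three directives listed in `REQUESTED`.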

@sanderlv
Please, I need to add this for my Alexa MP3 playing to work...

I don't know how to add that.

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve X25519:secp521r1:prime256v1;

@sanderlv
sanderlv commented May 4, 2023

Any progress on this important part?

Issue is now considered stale. If you want to keep it open, please comment 👍

@github-actions github-actions bot added the stale label Mar 16, 2024
@sanderlv
Dead?

@github-actions github-actions bot removed the stale label May 16, 2024
Issue is now considered stale. If you want to keep it open, please comment 👍
