From 37c66fd34e9d44b872039f14e0414184b259de62 Mon Sep 17 00:00:00 2001
From: Joe Grund <jgrund@whamcloud.io>
Date: Thu, 3 Sep 2020 22:23:09 -0400
Subject: [PATCH] Bump nginx to support tlsv1.3

Signed-off-by: Joe Grund <jgrund@whamcloud.io>
---
 chroma-manager.conf.template                                   | 3 +--
 ..._manager_cli__nginx__tests__replace_template_variables.snap | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/chroma-manager.conf.template b/chroma-manager.conf.template
index 9d2e5b760c..991ef2be08 100644
--- a/chroma-manager.conf.template
+++ b/chroma-manager.conf.template
@@ -63,9 +63,8 @@ server {
     ssl_trusted_certificate {{SSL_PATH}}/authority.crt;
     ssl_client_certificate {{SSL_PATH}}/authority.crt;
     ssl_verify_client optional;
-    ssl_protocols TLSv1.2;
+    ssl_protocols TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
-    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:!DH+3DES:!ADH:!AECDH:!RC4:!aNULL:!MD5';
 
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 180m;
diff --git a/iml-manager-cli/src/snapshots/iml_manager_cli__nginx__tests__replace_template_variables.snap b/iml-manager-cli/src/snapshots/iml_manager_cli__nginx__tests__replace_template_variables.snap
index 008e36564d..d8da220d0d 100644
--- a/iml-manager-cli/src/snapshots/iml_manager_cli__nginx__tests__replace_template_variables.snap
+++ b/iml-manager-cli/src/snapshots/iml_manager_cli__nginx__tests__replace_template_variables.snap
@@ -67,9 +67,8 @@ server {
     ssl_trusted_certificate /var/lib/chroma/authority.crt;
     ssl_client_certificate /var/lib/chroma/authority.crt;
     ssl_verify_client optional;
-    ssl_protocols TLSv1.2;
+    ssl_protocols TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
-    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:!DH+3DES:!ADH:!AECDH:!RC4:!aNULL:!MD5';
 
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 180m;