Use x25519 for ECDH key exchange

author: reverite <samantha@chalker.io> 2018-04-04 14:03:50 -0700
committer: reverite <samantha@chalker.io> 2018-04-04 14:03:50 -0700
commit: a92dcec83e3f20b61a1e37c183a3be175e4917e8 (patch)
tree: 625ba9228acc501b23af3215466e36a36658e5b0
parent: 85e3530c68e8121b13d37c2600453f2236d4df3c (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/deploy/conf/nginx.conf b/deploy/conf/nginx.conf
index f5acdf2..a3b408b 100644
--- a/deploy/conf/nginx.conf
+++ b/deploy/conf/nginx.conf
@@ -33,6 +33,7 @@ server {
 
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers ECDHE+CHACHA20:AES256+EECDH:AES256+EDH:!aNULL;
+  ssl_ecdhparam x25519:secp521r1:secp384r1;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:TLS:2m;
   ssl_session_timeout 10m;
@@ -67,8 +68,9 @@ server {
   server_name plural.cafe;
   server_tokens off;
 
-  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_protocols TLSv1.3 TLSv1.2;
   ssl_ciphers ECDHE+CHACHA20:AES256+EECDH:AES256+EDH:!aNULL;
+  ssl_ecdhparam x25519:secp521r1:secp384r1;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:TLS:2m;
   ssl_session_timeout 10m;
author	reverite <samantha@chalker.io>	2018-04-04 14:03:50 -0700
committer	reverite <samantha@chalker.io>	2018-04-04 14:03:50 -0700
commit	a92dcec83e3f20b61a1e37c183a3be175e4917e8 (patch)
tree	625ba9228acc501b23af3215466e36a36658e5b0
parent	85e3530c68e8121b13d37c2600453f2236d4df3c (diff)