Merge pull request #101737 from aneeshusa/nginx-allow-unsetting-ssl_ciphers
nixos/nginx: Allow unsetting ssl_ciphers
This commit is contained in:
commit
dfaa313d43
1 changed files with 2 additions and 2 deletions
|
@ -86,7 +86,7 @@ let
|
|||
''}
|
||||
|
||||
ssl_protocols ${cfg.sslProtocols};
|
||||
ssl_ciphers ${cfg.sslCiphers};
|
||||
${optionalString (cfg.sslCiphers != null) "ssl_ciphers ${cfg.sslCiphers};"}
|
||||
${optionalString (cfg.sslDhparam != null) "ssl_dhparam ${cfg.sslDhparam};"}
|
||||
|
||||
${optionalString (cfg.recommendedTlsSettings) ''
|
||||
|
@ -487,7 +487,7 @@ in
|
|||
};
|
||||
|
||||
sslCiphers = mkOption {
|
||||
type = types.str;
|
||||
type = types.nullOr types.str;
|
||||
# Keep in sync with https://ssl-config.mozilla.org/#server=nginx&config=intermediate
|
||||
default = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||
description = "Ciphers to choose from when negotiating TLS handshakes.";
|
||||
|
|
Loading…
Reference in a new issue