Disable TLS 1.0 and enable TLS 1.3

7 anni fa · 3254a4d161
--- a/roles/matrix-server/templates/nginx-conf.d/matrix-riot-web.conf.j2
+++ b/roles/matrix-server/templates/nginx-conf.d/matrix-riot-web.conf.j2
@@ -35,7 +35,7 @@ server {
 	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ hostname_riot }}/fullchain.pem;
 	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ hostname_riot }}/privkey.pem;
 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 	ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
 	ssl_prefer_server_ciphers on;
 	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
--- a/roles/matrix-server/templates/nginx-conf.d/matrix-synapse.conf.j2
+++ b/roles/matrix-server/templates/nginx-conf.d/matrix-synapse.conf.j2
@@ -35,7 +35,7 @@ server {
 	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ hostname_matrix }}/fullchain.pem;
 	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ hostname_matrix }}/privkey.pem;
 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 	ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
 	ssl_prefer_server_ciphers on;
 	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";