From 445708c17b4d0ea7632d58b120c16c1b69bad21b Mon Sep 17 00:00:00 2001
From: cugniere <16650011+Cugniere@users.noreply.github.com>
Date: Fri, 13 Oct 2023 08:08:15 +0200
Subject: [PATCH] =?UTF-8?q?update:=20met=20=C3=A0=20jour=20les=20versions?=
 =?UTF-8?q?=20de=20TLS=20support=C3=A9es=20et=20les=20ciphers=20utilis?=
 =?UTF-8?q?=C3=A9s?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 roles/bootstrap/templates/nginx_ssl_params.conf.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/bootstrap/templates/nginx_ssl_params.conf.j2 b/roles/bootstrap/templates/nginx_ssl_params.conf.j2
index fff92c34..ed79e486 100644
--- a/roles/bootstrap/templates/nginx_ssl_params.conf.j2
+++ b/roles/bootstrap/templates/nginx_ssl_params.conf.j2
@@ -1,6 +1,6 @@
 ssl_prefer_server_ciphers on;
-ssl_ciphers         EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
-ssl_protocols       TLSv1.2 TLSv1.1 TLSv1;
+ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ssl_protocols       TLSv1.2 TLSv1.3;
 ssl_session_cache   shared:TLS:2m;
 ssl_session_timeout 5m;
 ssl_dhparam         /etc/ssl/private/dhparam.pem;