-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS Version / HSTS Header #72
Comments
The previous image 1.21.6 did not accept TLS v1.3 and still accepted 1.0 and 1.1
I can't use HSTS because some of the endpoints (such as for OCSP) need to be accessible over plain HTTP, so that clients can properly build trust if they encounter a LabCA certificate for the first time. The next release will use a newer nginx image that only accepts TLS 1.2 and 1.3, the current version did not even support 1.3 yet. Oops. |
If you want to control e.g. the ssl_protocols or ssl_ciphers settings, create a file named 'custom-ssl.inc' in the /home/labca/nginx_data/conf.d/ directory (or when using the docker-only setup, either add a volume mount or edit the labca_nginx_conf volume to include the file). Similarly, 'custom-base.inc' can be created to e.g. define a custom log format, and 'custom.inc' could be created for any settings on the plain HTTP server context.
It is now (release v23.07.1) possible to put custom settings in one or more extra files in the /home/labca/nginx_data/conf.d/ directory (or when using the docker-only setup, either add a volume mount or edit the labca_nginx_conf volume to include the file(s) in /etc/nginx/conf.d/):
|
Please add the ability to define the alllowed TLS Version of the GUI and the possibility to add HSTS Headers.
The text was updated successfully, but these errors were encountered: