• Nginx: modernise TLS config · 61df826c
    Jörg Behrmann authored
    This commit updates the TLS settings to the intermediate
    settings from the Mozilla SSL Configuration Generator [1].
    
    Session tickets are disabled, since the timeout is increased and
    renegotiating a session should be cheap enough. TLSv1 and TLSv1.1 are
    disabled and TLSv1.3 is enabled and more modern ciphers are chosen.
    
    Sections for dh_params and HSTS are added where missing and HSTS times
    are bumped to two years instead of one.
    
    http2 support is added to gitlab-ssl, since it is already present and
    enabled in omnibus.
    
    [1] https://ssl-config.mozilla.org/
    
    Changelog: changed
registry-ssl 2.48 KB