From ed73246b1d042e1f4c0147a85eb7fa933d691fb5 Mon Sep 17 00:00:00 2001 From: openoms Date: Mon, 14 Feb 2022 08:21:54 +0000 Subject: [PATCH] update to TLSv1.3, remove v1.1 --- nginx/README.md | 7 ++++--- nginx/custom_website_subdomain.sh | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/nginx/README.md b/nginx/README.md index 20a54e8..ec7b086 100644 --- a/nginx/README.md +++ b/nginx/README.md @@ -5,7 +5,7 @@ In this example configuration a redirect is added to the mempool instance on the LAN: To download, check and run: ``` -wget https://raw.githubusercontent.com/openoms/bitcoin-tutorials/master/nginx/custom_website_subdomain.sh +wget -O custom_website_subdomain.sh https://raw.githubusercontent.com/openoms/bitcoin-tutorials/master/nginx/custom_website_subdomain.sh cat custom_website_subdomain.sh @@ -17,7 +17,8 @@ bash custom_website_subdomain.sh In this example configuration a redirect and SSL encryption added to a Fulcrum instance. To download, check and run: ``` -wget https://raw.githubusercontent.com/openoms/bitcoin-tutorials/master/nginx/electrum_server_subdomain.sh +wget -O electrum_server_subdomain.sh +https://raw.githubusercontent.com/openoms/bitcoin-tutorials/master/nginx/electrum_server_subdomain.sh cat electrum_server_subdomain.sh @@ -30,7 +31,7 @@ Have a look through the script here: [bonus.SSL_for_RTL.sh](bonus.SSL_for_RTL.sh To download, check and run: ``` -wget https://github.com/openoms/bitcoin-tutorials/raw/master/nginx/bonus.SSL_for_RTL.sh +wget -O bonus.SSL_for_RTL.sh https://github.com/openoms/bitcoin-tutorials/raw/master/nginx/bonus.SSL_for_RTL.sh cat bonus.SSL_for_RTL.sh diff --git a/nginx/custom_website_subdomain.sh b/nginx/custom_website_subdomain.sh index ca824fa..0bcdd2e 100644 --- a/nginx/custom_website_subdomain.sh +++ b/nginx/custom_website_subdomain.sh @@ -36,7 +36,7 @@ server { ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; - ssl_protocols TLSv1.1 TLSv1.2; + ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; ssl_prefer_server_ciphers on; ssl_stapling on;