change default ciphers

2018-12-09 23:23:02 +01:00 · 2018-12-09 23:23:02 +01:00 · 844f640036
parent 797dc481c1
commit 844f640036
1 changed files with 5 additions and 3 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -63,9 +63,11 @@ nginx_tls_key_file: mykey.pem
 # nginx_tls_dhparam_size: # defaults to 2048

 nginx_tls_ciphers:
-  - ECDHE-ECDSA-CHACHA20-POLY1305
-  - ECDHE-ECDSA-AES128-GCM-SHA256
-  - ECDHE-ECDSA-AES128-SHA
+  - ECDHE-RSA-AES256-GCM-SHA512
+  - DHE-RSA-AES256-GCM-SHA512
+  - ECDHE-RSA-AES256-GCM-SHA384
+  - DHE-RSA-AES256-GCM-SHA384
+  - ECDHE-RSA-AES256-SHA384

 nginx_tls_ocsp_enabled: False
 # nginx_tls_ocsp_trusted_certificate: # defaults to not set