forked from norman/fusionpbx-install.sh-github-mirror
2b1771c457
The following changes have been made: * Enable http2 for enhanced HTTP performance * Disable TLSv1 and TLSv1.1 which are now insecure and deprecated * Enable TLSv1.3 * Set more specific list of enabled ciphers to reasonable balance of compliant but still secure ciphers * Add SSL session cache to improve SSL performance in nginx Configurations here were very heavily influenced by the following resources and tools: https://libre-software.net/tls-nginx/ https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 https://success.qualys.com/discussions/s/question/0D52L00004TnxRMSAZ/help-to-configure-sslciphers-in-nginx-with-tls-13-support