nixos/nginx: update ciphers list

author: Sandro Jäckel <sandro.jaeckel@gmail.com> 2023-12-29 17:42:06 +0100
committer: tomf <tom@tom-fitzhenry.me.uk> 2024-04-22 23:08:14 +1000
commit: 8db512dae899024237337c78571839eda630ee55 (patch)
tree: 3169d6b2e5a269ed0a23b14f2ebac436482394fc /nixos/modules/services/web-servers
parent: 826abd26e92e5a588f03fc6ce93522977b6e225a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 40470f535bf61..337d53e869efe 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -829,7 +829,7 @@ in
       sslCiphers = mkOption {
         type = types.nullOr types.str;
         # Keep in sync with https://ssl-config.mozilla.org/#server=nginx&config=intermediate
-        default = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+        default = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305";
         description = "Ciphers to choose from when negotiating TLS handshakes.";
       };
author	Sandro Jäckel <sandro.jaeckel@gmail.com>	2023-12-29 17:42:06 +0100
committer	tomf <tom@tom-fitzhenry.me.uk>	2024-04-22 23:08:14 +1000
commit	8db512dae899024237337c78571839eda630ee55 (patch)
tree	3169d6b2e5a269ed0a23b14f2ebac436482394fc /nixos/modules/services/web-servers
parent	826abd26e92e5a588f03fc6ce93522977b6e225a (diff)