Merge pull request #1258 from zyyw/1.9.0

fix: remove TLSv1.1 from ssl_protocols
goharbor · Aug 11, 2022 · 221faae · 221faae
2 parents db5a241 + 255593e
commit 221faae
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/templates/nginx/configmap-https.yaml b/templates/nginx/configmap-https.yaml
@@ -68,7 +68,7 @@ data:
         ssl_certificate_key /etc/nginx/cert/tls.key;
 
         # recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
-        ssl_protocols tlsv1.1 tlsv1.2;
+        ssl_protocols tlsv1.2;
         ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
         ssl_prefer_server_ciphers on;
         ssl_session_cache shared:ssl:10m;
@@ -106,7 +106,7 @@ data:
         ssl_certificate_key /etc/nginx/cert/tls.key;
 
         # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-        ssl_protocols TLSv1.1 TLSv1.2;
+        ssl_protocols TLSv1.2;
         ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
         ssl_prefer_server_ciphers on;
         ssl_session_cache shared:SSL:10m;