Am 17.01.2023 12:22 schrieb Stuart Henderson:
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;More specific than it needs to be really, and the list may get outdated.Something like "TLSv1.3:TLSv1.2+AEAD+ECDHE" would be nicer. ssl_prefer_server_ciphers on; You're only listing modern ciphers anyway; it's often better to leave it up to the client to decide (e.g. the client knows whether it has AES acceleration and can use that to decide a preference between AES-GCM or CHACHA20-POLY1305; could be a fair difference in battery life on mobile devices).
you're right.. I think I used the mozilla config generator for that one "back then".. hmm. and some include snippet would the maximum I'd go, too ciao -- pb
