nginx: enable TLS 1.3

[chef.git] / cookbooks / nginx / templates / default / nginx.conf.erb

diff --git a/cookbooks/nginx/templates/default/nginx.conf.erb b/cookbooks/nginx/templates/default/nginx.conf.erb
index ae0d8bd418e3ba527f6ec6092a75f6e67094954b..e5969ce45ce3acb67f226c4f3a2ab5341851704c 100644 (file)
--- a/cookbooks/nginx/templates/default/nginx.conf.erb
+++ b/cookbooks/nginx/templates/default/nginx.conf.erb
@@ -34,11 +34,12 @@ http {
 
     server_tokens off;
 
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
     ssl_ciphers <%= node[:ssl][:openssl_ciphers] -%>;
     ssl_prefer_server_ciphers on;
     ssl_session_cache shared:SSL:50m;
     ssl_session_timeout 30m;
+
     ssl_stapling on;
 
     # Validate the stapling response is signed by a trusted certificate