Disable installation of Intel SSD tool

[chef.git] / cookbooks / nginx / templates / default / nginx.conf.erb

diff --git a/cookbooks/nginx/templates/default/nginx.conf.erb b/cookbooks/nginx/templates/default/nginx.conf.erb
index 4b2c15fa0165eaeab3ca644cc9103597068c8ace..e5969ce45ce3acb67f226c4f3a2ab5341851704c 100644 (file)
--- a/cookbooks/nginx/templates/default/nginx.conf.erb
+++ b/cookbooks/nginx/templates/default/nginx.conf.erb
@@ -34,12 +34,18 @@ http {
 
     server_tokens off;
 
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
     ssl_ciphers <%= node[:ssl][:openssl_ciphers] -%>;
     ssl_prefer_server_ciphers on;
     ssl_session_cache shared:SSL:50m;
     ssl_session_timeout 30m;
+
     ssl_stapling on;
+
+    # Validate the stapling response is signed by a trusted certificate
+    ssl_stapling_verify on;
+    ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
+
     ssl_dhparam /etc/ssl/certs/dhparam.pem;
     resolver <%= @resolvers.join(" ") %>;
     resolver_timeout 5s;