aboutsummaryrefslogtreecommitdiff
path: root/src/infrastructure/guix/system.scm
diff options
context:
space:
mode:
Diffstat (limited to 'src/infrastructure/guix/system.scm')
-rw-r--r--src/infrastructure/guix/system.scm2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/infrastructure/guix/system.scm b/src/infrastructure/guix/system.scm
index 3c77f89..7e1e04b 100644
--- a/src/infrastructure/guix/system.scm
+++ b/src/infrastructure/guix/system.scm
@@ -417,6 +417,8 @@
# BearSSL still doesn't TLSv1.3, so we deem TLSv1.2 as
# acceptable
ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
+ ssl_prefer_server_ciphers on;
gzip off; # Disable compression altogether due to BREACH
include /opt/secrets/nginx.conf.txt;
charset utf-8;
generated by cgit v1.2.3 (git 2.49.0) at 2025-07-12 21:10:46 +0000