diff options
Diffstat (limited to 'src/infrastructure/guix/system.scm')
-rw-r--r-- | src/infrastructure/guix/system.scm | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/infrastructure/guix/system.scm b/src/infrastructure/guix/system.scm index 3c77f89..7e1e04b 100644 --- a/src/infrastructure/guix/system.scm +++ b/src/infrastructure/guix/system.scm @@ -417,6 +417,8 @@ # BearSSL still doesn't TLSv1.3, so we deem TLSv1.2 as # acceptable ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH; + ssl_prefer_server_ciphers on; gzip off; # Disable compression altogether due to BREACH include /opt/secrets/nginx.conf.txt; charset utf-8; |