
Disable TLS v1.0 and TLS v1.1

Open leandrocruz opened this issue 2 years ago • 1 comments

Is it possible to add a configuration option to disable these protocols?

leandrocruz • Jul 25 '23 20:07

Hey @leandrocruz - it's not the best solution, but you could mount a file at `/usr/local/openresty/nginx/conf/ceryx.conf.tmpl` with the contents of the current file^1, plus the wanted TLS config.

You'll need, for example, `ssl_protocols TLSv1.2 TLSv1.3;` inside the server block.

Of course, you can also open a PR in this repository to add support for this, while keeping the default the same as today (the key should not be configured at all if the environment variable is not set).

The environment variable could be `CERYX_SSL_PROTOCOLS`.

akalipetis • Aug 28 '23 12:08
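
One way the `CERYX_SSL_PROTOCOLS` option proposed in the reply above could be turned into an nginx directive, as an added example that is not part of the thread or of ceryx's code. The helper name `render_ssl_protocols` and the whitespace-separated value format are assumptions; the value is checked against nginx's documented protocol names because it ends up inside the server block.

```python
import os

# Values documented for nginx's ssl_protocols directive.
NGINX_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
# The versions this issue wants disabled, plus the older SSL ones.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def render_ssl_protocols(environ=None):
    """Hypothetical helper: return (directive, warnings).

    Unset or empty CERYX_SSL_PROTOCOLS gives ("", []), so the template emits
    nothing and the default behaviour stays as it is today.
    """
    environ = os.environ if environ is None else environ
    raw = environ.get("CERYX_SSL_PROTOCOLS", "").strip()
    if not raw:
        return "", []
    tokens = raw.split()
    # Allow-list check: the value is written into nginx config, so anything
    # other than a known protocol name (";", "}", extra directives) is refused.
    unknown = [t for t in tokens if t not in NGINX_PROTOCOLS]
    if unknown:
        raise ValueError(f"unsupported ssl_protocols value(s): {unknown!r}")
    ordered = [p for p in NGINX_PROTOCOLS if p in tokens]  # dedupe, stable order
    warnings = [f"{p} is a legacy protocol version" for p in ordered if p in LEGACY]
    return f"ssl_protocols {' '.join(ordered)};", warnings


if __name__ == "__main__":
    samples = [  # constructed inputs
        {},
        {"CERYX_SSL_PROTOCOLS": "TLSv1.2 TLSv1.3"},
        {"CERYX_SSL_PROTOCOLS": "TLSv1.1 TLSv1.2"},
        {"CERYX_SSL_PROTOCOLS": "TLSv1.2; include /tmp/extra.conf"},
    ]
    for env in samples:
        try:
            print(env, "->", render_ssl_protocols(env))
        except ValueError as exc:
            print(env, "-> rejected:", exc)
```

Failing at startup on an unrecognised value is deliberate: a typo in the variable then stops the container instead of silently leaving the old protocols enabled.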