Remove deprecated and unsafe TLS v1 and v1.1 protocols, and fix READM…

…E notes
medic · Mar 22, 2021 · af08f5a · af08f5a
1 parent 3357573
commit af08f5a
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -12,7 +12,6 @@ they have a free DNS service that provide wildcard DNS for any IP
 address, including private IPs:
 
     $ dig 10-0-0-1.my.local-ip.co +short
-
     10.0.0.1
 
 So having a public certificate and a public DNS that resolves to your
@@ -101,7 +100,7 @@ Also a convenient environment file can be used to store the new values as sugges
 **my.env file:**
 
     HTTP=8080
-    HTTPS=444
+    HTTPS=8444
 
 Run with: `APP_URL=https://192.168.1.3:5988 docker-compose --env-file=my.env up`
 

diff --git a/default.conf.template b/default.conf.template
@@ -12,10 +12,7 @@ server {
   ssl_certificate           /etc/nginx/server.chained.pem;
   ssl_certificate_key       /etc/nginx/server.key;
 
-  ssl_session_cache  builtin:1000  shared:SSL:10m;
-  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
-  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
-  ssl_prefer_server_ciphers on;
+  ssl_protocols TLSv1.2;
 
   sendfile                  on;
   tcp_nopush                on;