From 8cba71b51444c3119c6b9771e2a6eee9b389a1fa Mon Sep 17 00:00:00 2001
From: ljf <ljf+yunohost@grimaud.me>
Date: Mon, 20 Mar 2017 00:45:33 +0100
Subject: [PATCH] [fix] Apply cipher suite into webadmin nginx conf

---
 data/templates/nginx/plain/yunohost_admin.conf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf
index bcd99493b..57abac7ee 100644
--- a/data/templates/nginx/plain/yunohost_admin.conf
+++ b/data/templates/nginx/plain/yunohost_admin.conf
@@ -19,9 +19,12 @@ server {
     ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
     ssl_session_timeout 5m;
     ssl_session_cache shared:SSL:50m;
+
+    # Ciphers with modern configuration
+    # Source : https://mozilla.github.io/server-side-tls/ssl-config-generator/
+    ssl_protocols TLSv1.2;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
     ssl_prefer_server_ciphers on;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
 
     add_header Strict-Transport-Security "max-age=31536000;";