From 424c08b6a8710de99ea38d331875277ceeb6dfa3 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 6 Sep 2021 09:56:06 +0200
Subject: https: T2230: only support TLS1.2 and TLS1.3

(cherry picked from commit 7546e249708de3e0b4bf8f89912caf73265edd60)
---
 data/templates/https/nginx.default.tmpl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
index 4aaf0132f..26d0b5d73 100644
--- a/data/templates/https/nginx.default.tmpl
+++ b/data/templates/https/nginx.default.tmpl
@@ -38,6 +38,7 @@ server {
         #
         include snippets/snakeoil.conf;
 {% endif %}
+        ssl_protocols TLSv1.2 TLSv1.3;
 
         # proxy settings for HTTP API, if enabled; 503, if not
         location ~ /(retrieve|configure|config-file|image|generate|show) {
-- 
cgit v1.2.3