From f3df9e97c6bedd305133e860654fc0213c12fd6b Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 13 Aug 2021 12:34:11 +0200
Subject: nginx: T3740: use bracketize_ipv6 Jinja2 filter on server address

---
 data/templates/https/nginx.default.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'data/templates/https')

diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
index b40ddcc74..2f8aa06c2 100644
--- a/data/templates/https/nginx.default.tmpl
+++ b/data/templates/https/nginx.default.tmpl
@@ -17,7 +17,7 @@ server {
         listen {{ server.port }} ssl;
         listen [::]:{{ server.port }} ssl;
 {% else %}
-        listen {{ server.address }}:{{ server.port }} ssl;
+        listen {{ server.address | bracketize_ipv6 }}:{{ server.port }} ssl;
 {% endif %}
 
 {% for name in server.name %}
-- 
cgit v1.2.3


From 7546e249708de3e0b4bf8f89912caf73265edd60 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 6 Sep 2021 09:56:06 +0200
Subject: https: T2230: only support TLS1.2 and TLS1.3

---
 data/templates/https/nginx.default.tmpl | 1 +
 1 file changed, 1 insertion(+)

(limited to 'data/templates/https')

diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
index 2f8aa06c2..9d73baeee 100644
--- a/data/templates/https/nginx.default.tmpl
+++ b/data/templates/https/nginx.default.tmpl
@@ -39,6 +39,7 @@ server {
         #
         include snippets/snakeoil.conf;
 {% endif %}
+        ssl_protocols TLSv1.2 TLSv1.3;
 
         # proxy settings for HTTP API, if enabled; 503, if not
         location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc|graphql) {
-- 
cgit v1.2.3