HaProxy: Explicitly configure allowed TLS ciphers

2017-12-13 14:00:51 +01:00
parent 2a35c3e157
commit 5e15185166
1 changed files with 3 additions and 0 deletions
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -139,6 +139,9 @@ haproxy:
  environment:
   - CERT_FOLDER=/certs/
   - TIMEOUT=connect 5s, client 5m, server 10m
+   - SSL_BIND_CIPHERS=ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
+   - SSL_BIND_OPTIONS=no-sslv3
+   - EXTRA_GLOBAL_SETTINGS=tune.ssl.default-dh-param 2048
  links:
   - blender_cloud
   # - notifserv