Merge pull request #53702 from aanderse/apache-ssl-opt
nixos/httpd: add options sslCiphers & sslProtocols
This commit is contained in:
commit
0305c55888
@ -187,8 +187,8 @@ let
|
||||
SSLRandomSeed startup builtin
|
||||
SSLRandomSeed connect builtin
|
||||
|
||||
SSLProtocol All -SSLv2 -SSLv3
|
||||
SSLCipherSuite HIGH:!aNULL:!MD5:!EXP
|
||||
SSLProtocol ${mainCfg.sslProtocols}
|
||||
SSLCipherSuite ${mainCfg.sslCiphers}
|
||||
SSLHonorCipherOrder on
|
||||
'';
|
||||
|
||||
@ -630,6 +630,19 @@ in
|
||||
description =
|
||||
"Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited";
|
||||
};
|
||||
|
||||
sslCiphers = mkOption {
|
||||
type = types.str;
|
||||
default = "HIGH:!aNULL:!MD5:!EXP";
|
||||
description = "Cipher Suite available for negotiation in SSL proxy handshake.";
|
||||
};
|
||||
|
||||
sslProtocols = mkOption {
|
||||
type = types.str;
|
||||
default = "All -SSLv2 -SSLv3";
|
||||
example = "All -SSLv2 -SSLv3 -TLSv1";
|
||||
description = "Allowed SSL/TLS protocol versions.";
|
||||
};
|
||||
}
|
||||
|
||||
# Include the options shared between the main server and virtual hosts.
|
||||
|
Loading…
Reference in New Issue
Block a user