titanz/NGINX-Configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update ssl_early_data configuration

Browse Source
This commit is contained in:
Tommy 2025-01-03 23:05:02 -07:00 committed by GitHub
parent 3b270e4657
commit 37dcc6ddde
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
etc/nginx/conf.d/default.conf
View File

@ -36,6 +36,9 @@ ssl_session_ticket_key session-ticket-keys/1.key;
## ssl_trusted_certificate ## ssl_trusted_certificate
## ssl_stapling_file ## ssl_stapling_file
# Make sure ssl early data is off - replay attack mitigation
ssl_early_data off;
# Cookie flags # Cookie flags
proxy_cookie_flags ~ secure; proxy_cookie_flags ~ secure;

2
etc/nginx/snippets/proxy.conf
View File

@ -4,7 +4,7 @@
# Force http 1.1, anything not supporting it shouldn't be used # Force http 1.1, anything not supporting it shouldn't be used
proxy_http_version 1.1; proxy_http_version 1.1;
# Replay attack mitigation for early data # Signal to upstream whether ssl_early_data is used
proxy_set_header Early-Data $ssl_early_data; proxy_set_header Early-Data $ssl_early_data;
# Restore visitor IP # Restore visitor IP