Add setting to configure ecdh curve

2017-03-30 23:23:14 -03:00 · 2017-03-30 23:23:14 -03:00 · 8e41bdd3d4
commit 8e41bdd3d4
parent 5d17c7cc17
2 changed files with 7 additions and 0 deletions
--- a/controllers/nginx/pkg/config/config.go
+++ b/controllers/nginx/pkg/config/config.go
@ -200,6 +200,10 @@ type Configuration struct {
 	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
 	SSLCiphers string `json:"ssl-ciphers,omitempty"`

+	// Specifies a curve for ECDHE ciphers.
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve
+	SSLECDHCurve string `json:"ssl-ecdh-curve,omitempty"`
+
 	// The secret that contains Diffie-Hellman key to help with "Perfect Forward Secrecy"
 	// https://www.openssl.org/docs/manmaster/apps/dhparam.html
 	// https://wiki.mozilla.org/Security/Server_Side_TLS#DHE_handshake_and_dhparam
@ -280,6 +284,7 @@ func NewDefault() Configuration {
 		ShowServerTokens:         true,
 		SSLBufferSize:            sslBufferSize,
 		SSLCiphers:               sslCiphers,
+		SSLECDHCurve:             "secp384r1",
 		SSLProtocols:             sslProtocols,
 		SSLSessionCache:          true,
 		SSLSessionCacheSize:      sslSessionCacheSize,
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@ -183,6 +183,8 @@ http {
    ssl_dyn_rec_size_lo 0;
    {{ end }}

+    ssl_ecdh_curve {{ $cfg.SSLECDHCurve }};
+
    {{ if .CustomErrors }}
    # Custom error pages
    proxy_intercept_errors on;