DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #6551 from mtparet/patch-1

Browse source 
Add documentation to activate DHE based ciphers
This commit is contained in:
Kubernetes Prow Robot 2020-12-01 08:18:50 -08:00 committed by GitHub
commit 9c45345e6d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/user-guide/nginx-configuration/configmap.md
View file

@ -511,6 +511,8 @@ The default cipher list is:
The ordering of a ciphersuite is very important because it decides which algorithms are going to be selected in priority. The recommendation above prioritizes algorithms that provide perfect [forward secrecy](https://wiki.mozilla.org/Security/Server_Side_TLS#Forward_Secrecy).
DHE-based cyphers will not be available until DH parameter is configured [Custom DH parameters for perfect forward secrecy](https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/ssl-dh-param)
Please check the [Mozilla SSL Configuration Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/).
__Note:__ ssl_prefer_server_ciphers directive will be enabled by default for http context.