matomo-org · J0WI · Jun 20, 2019 · Findus23 · Feb 13, 2020 · Findus23
diff --git a/ssl.conf b/ssl.conf
@@ -9,8 +9,9 @@ ssl_session_cache shared:SSL:50m;
 ssl_session_tickets off;
 
 # modern configuration. tweak to your needs.
-ssl_protocols TLSv1.2;
+ssl_protocols TLSv1.3 TLSv1.2;
 ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+ssl_ecdh_curve X25519:secp521r1:secp384r1;
 ssl_prefer_server_ciphers on;
 
 # OCSP Stapling ---