Add support for TLSv1.3 in nginx configurations (#18659)

Signed-off-by: malmor <62105800+malmor@users.noreply.github.com> Co-authored-by: MinerYang <yminer@vmware.com>
goharbor · May 26, 2023 · 135ca37 · 135ca37
1 parent 982ff0a
commit 135ca37
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
@@ -58,7 +58,7 @@ http {
     ssl_certificate_key {{ssl_cert_key}};
 
     # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-    ssl_protocols TLSv1.2;
+    ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
     ssl_prefer_server_ciphers on;
     ssl_session_cache shared:SSL:10m;

diff --git a/make/photon/prepare/templates/portal/nginx.conf.jinja b/make/photon/prepare/templates/portal/nginx.conf.jinja
@@ -22,7 +22,7 @@ http {
         ssl_certificate_key /etc/harbor/tls/portal.key;
 
         # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-        ssl_protocols TLSv1.2;
+        ssl_protocols TLSv1.2 TLSv1.3;
         ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
         ssl_prefer_server_ciphers on;
         ssl_session_cache shared:SSL:10m;