From 7c6c6bcefb729f940a56ee3fc130b2a5febff2aa Mon Sep 17 00:00:00 2001
From: netaskd <netaskd@gmail.com>
Date: Tue, 4 Dec 2018 21:56:09 +0300
Subject: [PATCH] web: enable ssl_protocol TLSv1.2 only

---
 web/rootfs/defaults/ssl.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/rootfs/defaults/ssl.conf b/web/rootfs/defaults/ssl.conf
index 116cb8e..df20164 100644
--- a/web/rootfs/defaults/ssl.conf
+++ b/web/rootfs/defaults/ssl.conf
@@ -16,6 +16,6 @@ ssl_certificate_key /config/keys/cert.key;
 {{ end }}
 
 # protocols
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_protocols TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_ciphers ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;