nginx: enable TLS 1.3

[chef.git] / cookbooks / imagery / templates / default / nginx_imagery.conf.erb

diff --git a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
index b95bc601f9e56bbcbb5b5031ead5d5ebfe99e0b8..dcdc2872961f2cbe6c0e4832dc8941aebb0be049 100644 (file)
--- a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
+++ b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
@@ -31,6 +31,10 @@ server {
     add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always;
 <% end -%>
 
+    # Requests sent within early data are subject to replay attacks.
+    # See: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
+    ssl_early_data on;
+
     root "/srv/<%= @name %>";
 
     gzip on;