Skip to content

Commit 264a910

Browse files
rndmh3rorndmh3ro
authored
Merge pull request #51 from dev-sec/tls_13
add support for tls1.3 protocol
2 parents d7bc1e6 + 6e8b242 commit 264a910

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

controls/nginx_spec.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -231,7 +231,7 @@
231231
desc 'When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the client\'s preference is used. If this directive is enabled, the server\'s preference will be used instead.'
232232
ref 'SSL Hardening config', url: 'https://mozilla.github.io/server-side-tls/ssl-config-generator/'
233233
describe parse_config(nginx_parsed_config, options) do
234-
its('ssl_protocols') { should eq 'TLSv1.2' }
234+
its('ssl_protocols') { should be_in ['TLSv1.3', 'TLSv1.2', 'TLSv1.2 TLSv1.3', 'TLSv1.3 TLSv1.2'] }
235235
its('ssl_session_tickets') { should eq 'off' }
236236
its('ssl_ciphers') { should eq '\'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256\'' }
237237
its('ssl_prefer_server_ciphers') { should eq 'on' }

0 commit comments

Comments
 (0)