nixos/httpd: disable TLSv1 by default for better security

2019-02-07 14:05:44 -05:00
parent 70765af1a6
commit dd610ce84f
1 changed files with 2 additions and 2 deletions
--- a/nixos/modules/services/web-servers/apache-httpd/default.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -639,8 +639,8 @@ in

      sslProtocols = mkOption {
        type = types.str;
-        default = "All -SSLv2 -SSLv3";
-        example = "All -SSLv2 -SSLv3 -TLSv1";
+        default = "All -SSLv2 -SSLv3 -TLSv1";
+        example = "All -SSLv2 -SSLv3";
        description = "Allowed SSL/TLS protocol versions.";
      };
    }