ncm-metaconfig: nginx add DHE-RSA-CHACHA20-POLY1305 cipher suite
wdpypere committed Sep 14, 2024
1 parent 4057c4b commit 81ff45b
Showing 1 changed file with 45 additions and 9 deletions.
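--- a/ncm-metaconfig/src/main/metaconfig/nginx/pan/schema.pan
+++ b/ncm-metaconfig/src/main/metaconfig/nginx/pan/schema.pan
@@ -9,15 +9,51 @@ include 'pan/types';
 type sslprotocol = choice("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
 
 @{ based on Mozilla server side tls intermediate recommendations }
-type cipherstring = choice("TLSv1", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305",
-"ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
-"ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384",
-"ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES256-SHA384",
-"ECDHE-RSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA",
-"DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA",
-"ECDHE-ECDSA-DES-CBC3-SHA", "ECDHE-RSA-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA", "AES128-GCM-SHA256",
-"AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "!RC4",
-"!LOW", "!aNULL", "!eNULL", "!MD5", "!EXP", "!3DES", "!IDEA", "!SEED", "!CAMELLIA", "!DSS");
+type cipherstring = choice(
+"!3DES",
+"!CAMELLIA",
+"!DSS",
+"!EXP",
+"!IDEA",
+"!LOW",
+"!MD5",
+"!RC4",
+"!SEED",
+"!aNULL",
+"!eNULL",
+"AES128-GCM-SHA256",
+"AES128-SHA",
+"AES128-SHA256",
+"AES256-GCM-SHA384",
+"AES256-SHA",
+"AES256-SHA256",
+"DES-CBC3-SHA",
+"DHE-RSA-AES128-GCM-SHA256",
+"DHE-RSA-AES128-SHA",
+"DHE-RSA-AES128-SHA256",
+"DHE-RSA-AES256-GCM-SHA384",
+"DHE-RSA-AES256-SHA",
+"DHE-RSA-AES256-SHA256",
+"DHE-RSA-CHACHA20-POLY1305",
+"ECDHE-ECDSA-AES128-GCM-SHA256",
+"ECDHE-ECDSA-AES128-SHA",
+"ECDHE-ECDSA-AES128-SHA256",
+"ECDHE-ECDSA-AES256-GCM-SHA384",
+"ECDHE-ECDSA-AES256-SHA",
+"ECDHE-ECDSA-AES256-SHA384",
+"ECDHE-ECDSA-CHACHA20-POLY1305",
+"ECDHE-ECDSA-DES-CBC3-SHA",
+"ECDHE-RSA-AES128-GCM-SHA256",
+"ECDHE-RSA-AES128-SHA",
+"ECDHE-RSA-AES128-SHA256",
+"ECDHE-RSA-AES256-GCM-SHA384",
+"ECDHE-RSA-AES256-SHA",
+"ECDHE-RSA-AES256-SHA384",
+"ECDHE-RSA-CHACHA20-POLY1305",
+"ECDHE-RSA-DES-CBC3-SHA",
+"EDH-RSA-DES-CBC3-SHA",
+"TLSv1",
+);
 
 type basic_ssl = {
 "options" ? string[]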
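Review bot: The annotation above `cipherstring` still says the list is "based on Mozilla server side tls intermediate recommendations", but the rewritten `choice(...)` accepts a much wider set than the AEAD-only suites that profile appears to contain today. It still admits 3DES entries (`DES-CBC3-SHA`, `ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`) and static-RSA and CBC-SHA1 suites such as `AES128-SHA`, so a profile can pass schema validation while enabling ciphers the comment implies are excluded. I would reword the annotation to something like `@{ superset of the Mozilla server side TLS intermediate recommendations; 3DES, static-RSA and CBC entries are accepted for legacy compatibility only }`, or split the legacy names into a separate type. For the added `DHE-RSA-CHACHA20-POLY1305`, note that nginx only offers DHE suites when `ssl_dhparam` is set, and the parameters should be at least 2048 bits. Whether this schema exposes that setting is not visible here, since `basic_ssl` continues outside the hunk.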
