Add TLS 1.3 0-RTT nginx configuration

2019-10-08 17:50:51 +02:00
parent a26fc2cb10
commit b877b1e8c7
2 changed files with 6 additions and 0 deletions
--- a/wo/cli/templates/nginx-core.mustache
+++ b/wo/cli/templates/nginx-core.mustache
@@ -55,6 +55,7 @@ http {
 	ssl_session_cache shared:SSL:50m;
 	ssl_session_tickets off;
 	ssl_prefer_server_ciphers on;
+    ssl_early_data on;
 	{{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
 	ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}}
 	ssl_ecdh_curve X25519:P-521:P-384:P-256;
--- a/wo/cli/templates/tweaks.mustache
+++ b/wo/cli/templates/tweaks.mustache
@@ -27,3 +27,8 @@
 	open_file_cache_min_uses 2;
 	open_file_cache_valid 120s;
 	open_log_file_cache max=10000 inactive=30s min_uses=2;
+
+	ssl_dyn_rec_size_hi 4229;
+	ssl_dyn_rec_size_lo 1369;
+	ssl_dyn_rec_threshold 40;
+	ssl_dyn_rec_timeout 1000;