From efee146044b47b1da6ad746ff8f4ac8b4178662d Mon Sep 17 00:00:00 2001
From: James Graham
Date: Fri, 24 Apr 2020 15:01:40 +0100
Subject: [PATCH] security: Disable TLS < 1.2
---
 roles/webserver/templates/nginx-site-ssl.j2 | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/webserver/templates/nginx-site-ssl.j2 b/roles/webserver/templates/nginx-site-ssl.j2
index ba5f461..6c969cf 100644
--- a/roles/webserver/templates/nginx-site-ssl.j2
+++ b/roles/webserver/templates/nginx-site-ssl.j2
@@ -5,6 +5,7 @@ server {
 ssl_certificate /etc/ssl/crt/{{ inventory_hostname }}.crt;
 ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.pem;
+ ssl_protocols TLSv1.2 TLSv1.3;
 # Cache and tickets improve performance by ~10% on small requests
 ssl_session_cache shared:SSL:1m;
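Review bot: `ssl_protocols` is set only inside this `server { }` block, and on many nginx/OpenSSL builds the protocol versions offered on a shared listen address are taken from the default server for that socket, so a different default vhost without this line may still negotiate TLS 1.0/1.1. Consider also setting it at `http` level (or confirming this template renders the `default_server`), and check after deploy that a handshake forced to an old version is refused, e.g. `openssl s_client -tls1_1 -connect HOST:443`. The `TLSv1.3` value is only accepted by nginx 1.13.0 and later and only takes effect with OpenSSL 1.1.1 or newer, so a comment such as `# TLS 1.0/1.1 disabled; TLSv1.3 needs nginx >= 1.13.0 + OpenSSL >= 1.1.1` above the directive would help whoever runs this role on older hosts. The `server` block starts and ends outside the hunk, so any `ssl_ciphers` setting is not visible here.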